FAQ

Answers from the experts at Zimperium.

Mobile Application Security

How does Zimperium secure mobile applications?

MAPS is Zimperium’s Mobile Application Protection Suite, a platform for building secure mobile applications. It covers the app both during development and at runtime, automating and integrating security into the entire mobile application lifecycle.

What operating systems does the MAPS suite support?

iOS and Android are supported, for apps written in native languages as well as in hybrid frameworks.

How do we secure the app during development?

We provide a continuous, automated Mobile Application Security Testing (MAST) tool that identifies privacy, security, internal-policy, and regulatory-compliance gaps during mobile application development.

How do we secure the app during runtime?

We provide an SDK that lets the app protect itself from on-device attacks and provides threat visibility while it runs on devices in the wild, helping prevent data loss, data breaches, and fraud.

What is application protection and why do I need it?

Application protection, also referred to as in-app protection, is the category of security controls that build defensive capability into an application itself, making it more resistant to attack. It generally includes code obfuscation, specialized cryptographic key protection, anti-tampering protections, and Runtime Application Self-Protection (RASP).

In-app protection is proactive: defenses are embedded into the application so it can withstand and block threats like reverse engineering, data and IP theft, misuse, vulnerability exploitation, and tampering. It secures your software assets and safeguards your organization and customers from attacks.

What are the differences between application protection, in-app protection, application hardening, and application shielding?

These terms are often used interchangeably. However, application protection and in-app protection are the broader terms: they include application hardening and shielding, plus cryptographic key protection and other measures that increase an application’s self-defense capability, including mechanisms to detect and respond to threats and malicious behavior in real time. These capabilities are critical for applications that must operate securely in untrusted environments.

Application hardening and application shielding refer to a subset of those techniques. Application shielding makes strategic modifications to source, bytecode, or binary code so that the application resists reverse engineering and tampering.

We already use an application security testing solution, how is in-app protection different?

Security testing solutions find vulnerabilities and weaknesses so they can be remediated before release; in-app protection works at runtime to prevent and thwart attacks against the shipped app. Testing analyzes the app for known vulnerability classes against identified threats. Application shielding, by contrast, hardens the code so that it is difficult to understand or to find a foothold for an attack, and at runtime it evaluates the app’s environment (debugger attached, device rooted or jailbroken, code modified) and blocks attacks before they cause damage.

Application security testing and in-app protection address different security needs and complement, rather than substitute for, one another.

Is in-app protection applicable to both desktop and mobile applications?

Yes. Application protection techniques apply to both desktop and mobile applications, although many tools focus exclusively on one or the other. Zimperium’s application hardening solutions support Android, iOS, Linux, macOS, and Windows, along with embedded systems, set-top boxes, connected cars, medical devices, mobile banking solutions, and more.

Zimperium’s zShield can protect Android Java, desktop/server Java, Kotlin for Android, C, C++, Objective-C, and Swift source code and requires no significant changes to the code itself or to the existing build chain.

What are the different methods or techniques of application protection?

Several techniques are combined to provide robust in-app protection. Below are some of the most important, grouped by the threat they address.

Reverse engineering protections

Code obfuscation: Code obfuscation makes strategic modifications to the code so that it is difficult to decipher and decode.

Anti-debugging: Adding mechanisms that detect the presence of common debuggers and debugging techniques, and take action to block them.

Binary packing: Binary packing compresses or encrypts the executable so that the original code only appears in memory once an unpacking stub runs at load time, which protects against static analysis of the file on disk.

Diversification: Diversification alters code so that each software instance must be cracked individually; a patch or exploit developed against one copy does not transfer to another.

Cryptographic key protection

White-box cryptography: A software-based method to secure cryptographic keys that combines obfuscation, encryption, and mathematical transformation techniques to hide cryptographic keys and algorithms, so that even if a program or device is compromised the keys are not exposed in the clear.

Anti-tampering protections

Integrity checking: Integrity checking hardens applications by inserting thousands of small, overlapping checksums. During runtime, each checksum tests whether a particular segment of the executable has been tampered with.

iOS jailbreak detection: Jailbreak detection identifies whether device security has been breached and reports it to the application, enabling it to take the appropriate response.

Android rooting detection: Rooting detection applies anti-rooting techniques to check the legitimacy of the operating system and execute defensive actions accordingly.

RASP/intrusion detection and response: Apps can protect themselves by executing a defensive response when a tampering attempt is detected, for example sending an alert, preventing execution of some commands, deleting sensitive data, or shutting the app down.

Does application protection help me comply with regulations that are required for my business?

Robust application protection generally includes specific security measures that map to requirements from GDPR, PCI DSS, EMV, HIPAA, the EU Medical Device Regulation, and other regulations and standards bodies. For example, some standards, notably in payments, require strong protections against reverse engineering and tampering, including code obfuscation, environmental checks, embedded integrity checkers, and cryptographic key security. Application protection supports compliance with such requirements; it does not by itself make an application compliant.

Does application protection protect encryption keys?

While most in-app protection solutions provide some level of key protection, they may or may not include dedicated cryptographic key security such as white-box cryptography. White-box cryptography is the most effective purely software-based method for protecting encryption keys: it uses mathematical transformation and obfuscation techniques to hide cipher keys and cryptographic operations so that the key never appears in the clear in memory, even if the application or device is compromised. No white-box implementation is unbreakable, however; published attacks such as differential computation analysis have recovered keys from some implementations, so key protection should be layered with integrity checking and anti-debugging, designed so keys can be rotated, and backed by hardware key storage where the platform offers it.

How does the DevSecOps framework fit into application protection?

The goal of DevSecOps is to bake security into the software development lifecycle (SDLC) through secure coding practices and test automation. This has proven more effective and more efficient than addressing security after applications are in production.

Combining development, security, and operations under a DevSecOps model helps teams release builds faster, with fewer vulnerabilities and stronger security. It requires some early investment, but it avoids major post-production costs by making the app harder to exploit. Adding application shielding as a build step in the DevSecOps pipeline strengthens the app at its core, so it ships with a layer of protection suited to the untrusted environments it will run in.

What kinds of threats does application protection help mitigate?

Enterprise-grade application protection solutions give comprehensive protection from attacks associated with reverse engineering, tampering, code lifting, exploitation of vulnerabilities, and even from unconventional attacks like side-channel attacks. The consequences of such attacks include data exfiltration, intellectual property theft, encryption key discovery, financial fraud, malware insertion, and reputation damage.

Does application shielding prevent reverse engineering?

Reverse engineering plays a central role in almost every attack on an application. Attackers use it to discover sensitive data, unprotected keys, and information that can be used to penetrate the application and connected systems further. It also exposes unprotected proprietary algorithms and other intellectual property.

Application shielding uses techniques such as code obfuscation, anti-debugging, binary packing, and diversification to make the application’s compiled code much harder to reverse engineer, and white-box cryptography adds specialized protection for encryption keys. No shielding makes reverse engineering impossible: the goal is to raise the time and skill required until most attackers abandon the attempt or move to an easier target.

How does application shielding protect my app from jailbroken or rooted devices?

Jailbreaking an iOS device or rooting an Android device gives the user root (administrator-level) access to the operating system. On such a device, platform security controls such as app sandboxing and code-signing enforcement can be bypassed, allowing attackers and rogue apps to read your application’s data or keys, hook its functions, or modify its behavior.

Zimperium’s solution detects when device security has been compromised in this way and reports it to the application so it can take appropriate defensive action. The solution also strengthens the application’s own defenses, so that even when operating on a compromised OS it can withstand the resulting threats.

What is code obfuscation?

Code obfuscation is an application protection technique that transforms the code to make it very difficult for attackers to understand and decipher. Strong, well-applied code obfuscation:

Hides and confuses the logic, structure, and purpose of the code to frustrate attempts to reverse engineer or tamper with your application

Conceals information that can be used in further attacks, such as debug information, log messages, and strings displayed to the user

Secures valuable intellectual property, such as proprietary algorithms or licensed technology or content

Makes remaining security flaws harder to locate and exploit (it does not fix them, which is why obfuscation complements rather than replaces security testing)

Obfuscation methods range from basic to complex, and include stripping out potentially revealing metadata, renaming meaningful class and variable names to meaningless labels, adding decoy logic, inlining functions, encrypting strings or whole sections of code, and flattening or otherwise obscuring the application’s control flow.
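As an added example (not code from this page, from zShield, or from any Zimperium product), here is the string-encryption step from the list above written in C, as it would apply to a native Android or iOS component. The secret literal is kept XOR-encrypted under a per-string key stream and is decoded into a caller-owned buffer only when needed, so a `strings`-style scan of the binary does not find it. The endpoint URL, the key seeds, and the key-stream generator are constructed for this example. Because the example has to be self-contained, it encrypts the table at start-up; a real obfuscator does that at build time and ships only the ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example of runtime string decryption; not Zimperium code.
 * Plaintexts, seeds and the key-stream generator are constructed here. */

/* Key stream: a small LCG seeded per string, so two strings never share
 * the same key-byte pattern. (Illustrative; not a cryptographic PRNG.) */
static uint8_t next_key_byte(uint32_t *state) {
    *state = *state * 1103515245u + 12345u;
    return (uint8_t)(*state >> 16);
}

/* XOR `len` bytes in place with the key stream derived from `seed`.
 * XOR is symmetric, so the same call encrypts and decrypts. */
static void xor_stream(uint8_t *buf, size_t len, uint32_t seed) {
    uint32_t state = seed;
    for (size_t i = 0; i < len; i++)
        buf[i] ^= next_key_byte(&state);
}

/* One entry of the obfuscator's string table. */
typedef struct {
    uint32_t seed;
    size_t   len;
    uint8_t  cipher[64];
} obf_string;

/* Constructed plaintexts an attacker would otherwise grep the binary for.
 * (Only present here so the example can build its own table.) */
static const char *const PLAINTEXTS[] = {
    "https://api.example.invalid/v1/token",   /* assumed endpoint */
    "license-check-failed",
};
#define N_STRINGS (sizeof PLAINTEXTS / sizeof PLAINTEXTS[0])

static obf_string TABLE[N_STRINGS];

/* "Build-time" step: fill TABLE with encrypted copies. Returns entry count. */
size_t build_table(void) {
    for (size_t i = 0; i < N_STRINGS; i++) {
        TABLE[i].seed = 0x5EED0000u + (uint32_t)i * 0x9E3779B9u;
        TABLE[i].len  = strlen(PLAINTEXTS[i]);
        memcpy(TABLE[i].cipher, PLAINTEXTS[i], TABLE[i].len);
        xor_stream(TABLE[i].cipher, TABLE[i].len, TABLE[i].seed);
    }
    return N_STRINGS;
}

/* Decode entry `idx` into `out` (at least 64 bytes, NUL-terminated on
 * return). Returns the decoded length, or 0 for a bad index. */
size_t obf_get(size_t idx, char *out) {
    if (idx >= N_STRINGS) return 0;
    memcpy(out, TABLE[idx].cipher, TABLE[idx].len);
    xor_stream((uint8_t *)out, TABLE[idx].len, TABLE[idx].seed);
    out[TABLE[idx].len] = '\0';
    return TABLE[idx].len;
}

/* Decode entry `idx`, compare with the known plaintext, wipe the buffer.
 * Returns 1 on a correct round trip, 0 otherwise. */
int obf_roundtrip_ok(size_t idx) {
    char buf[64];
    size_t n = obf_get(idx, buf);
    if (n == 0) return 0;
    int ok = strcmp(buf, PLAINTEXTS[idx]) == 0;
    memset(buf, 0, sizeof buf);   /* decoded secrets should not linger */
    return ok;
}

/* Returns 1 if the stored bytes for `idx` differ from the plaintext, i.e.
 * the literal itself is not sitting in the table. */
int ciphertext_hides_plaintext(size_t idx) {
    if (idx >= N_STRINGS) return 0;
    return memcmp(TABLE[idx].cipher, PLAINTEXTS[idx], TABLE[idx].len) != 0;
}
```

Decode as late as possible and wipe the buffer as soon as the string has been used: a decoded string that stays resident in memory is exactly what a memory dump from a rooted device recovers, regardless of how it was stored on disk.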

What is RASP?

Attackers tamper with an app to change its compiled code or runtime behavior, for example by injecting malicious code or spoofing an authorized identity so they can reach valuable information and possibly the wider network. Apps can protect themselves by using RASP techniques to detect such attempts and execute an appropriate defensive response.

Runtime application self-protection (RASP) describes the detection methods and defensive actions an app can employ from inside its own process to counter reverse engineering, tampering, and other attacks in real time.

What is a side-channel attack?

Side-channel attacks recover secrets by observing the physical or behavioral characteristics of a device while it performs cryptographic operations (how long an operation takes, how much power it draws, which cache lines it touches) rather than by attacking the algorithm itself. They are independent of the operating system and can be carried out against Windows, Linux, Android, or iOS alike. The infamous Meltdown and Spectre vulnerabilities, which affected nearly every modern processor, are prime examples: they use cache timing as the side channel to read memory that speculative execution touched.

Types of side-channel attacks include:

  1. Speculative execution attack
  2. Power monitoring attack
  3. Cache attack
  4. Timing analysis
  5. Differential fault analysis (DFA)
  6. Thermal imaging

Zimperium’s zKey provides a white-box cryptography solution designed to protect secrets and keys from exposure, including against side-channel analysis of the software itself.
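An added example, not from this page or from Zimperium, of the simplest side channel an app developer introduces on their own: timing analysis against a secret comparison (an API token, a MAC, a PIN hash), written in C as the native code it usually lives in. `leaky_compare` returns at the first mismatching byte, so the number of bytes examined, and therefore the latency, reveals how many leading bytes of a guess were right; `ct_compare` does identical work for every input. Both report the bytes examined through an `ops` counter so the leak is visible without timing hardware, and `recover_via_leak` shows the attack actually recovering the secret from that counter alone. The secret value and the scoring oracle are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example of a timing side channel and its constant-time fix.
 * SECRET is a constructed value; no real credential is involved. */

static const uint8_t SECRET[] = { 's','3','c','r','3','t','-','t','o','k' };
#define SECRET_LEN (sizeof SECRET)

/* Vulnerable: stops at the first differing byte, so work (and time) depends
 * on how long the attacker's guess matches. Returns 1 if equal. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops) {
    *ops = 0;
    for (size_t i = 0; i < n; i++) {
        (*ops)++;
        if (a[i] != b[i]) return 0;   /* early exit leaks the position */
    }
    return 1;
}

/* Hardened: accumulates differences and never branches on secret data.
 * Always examines all n bytes. Returns 1 if equal. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops) {
    uint8_t diff = 0;
    *ops = 0;
    for (size_t i = 0; i < n; i++) {
        (*ops)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    /* diff == 0 -> 1, diff != 0 -> 0, computed without a conditional */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Oracles standing in for "measured latency plus login result": the bytes
 * examined, plus 1 when the comparison succeeded. The guess must supply
 * SECRET_LEN bytes. */
size_t leaky_score(const uint8_t *guess) {
    size_t ops;
    int eq = leaky_compare(SECRET, guess, SECRET_LEN, &ops);
    return ops + (size_t)eq;
}
size_t ct_score(const uint8_t *guess) {
    size_t ops;
    int eq = ct_compare(SECRET, guess, SECRET_LEN, &ops);
    return ops + (size_t)eq;
}

/* Byte-at-a-time recovery: at each position keep the value that makes the
 * comparison run longest. Returns 1 if the recovered bytes equal SECRET. */
static int recover(size_t (*oracle)(const uint8_t *)) {
    uint8_t guess[SECRET_LEN];
    memset(guess, 0, sizeof guess);
    for (size_t pos = 0; pos < SECRET_LEN; pos++) {
        size_t best_score = 0;
        uint8_t best = 0;
        for (int v = 0; v < 256; v++) {
            guess[pos] = (uint8_t)v;
            size_t score = oracle(guess);
            if (score > best_score) { best_score = score; best = (uint8_t)v; }
        }
        guess[pos] = best;
    }
    return memcmp(guess, SECRET, SECRET_LEN) == 0;
}

/* Against the leaky compare the attack succeeds with at most 256 tries per
 * byte instead of 256^n overall. */
int recover_via_leak(void) { return recover(leaky_score); }

/* Against the constant-time compare every wrong guess scores the same, so
 * the attacker is left with the first value tried and learns nothing. */
int recover_via_ct(void) { return recover(ct_score); }
```

The same pattern applies to any equality check on secret material in an app; use the platform's constant-time comparison where one exists (`CRYPTO_memcmp` in OpenSSL, `MessageDigest.isEqual` on Android) rather than `memcmp` or `strcmp`.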

What is white-box cryptography?

White-box cryptography is a specialized software-based technique for protecting cryptographic keys and operations. It combines obfuscation, encryption, and mathematical transformation so that keys and algorithms never appear in the clear: standard operations such as encryption, decryption, key unwrap, and digital signature creation and verification are performed inside the white-box implementation, which is designed to keep the key hidden even if the device is compromised by an attacker.

White-box cryptography provides cryptographic key protection in multiple industries. For example, the Payment Card Industry (PCI) Security Standards Council has identified white-box cryptography as a preferred method for securing cryptographic keys in Tap-to-Phone mobile POS applications.

What is anti-debugging?

Anti-debugging is a set of techniques built into an application to detect and obstruct debugging. This stops attackers from running the application under a debugger to understand how it works and to change the behavior of particular features or checks, for instance by flipping the result of a license or root check at a breakpoint.

Anti-debugging techniques include inspecting process state exposed by the operating system (such as whether a tracer is attached), checking memory for software breakpoints, and measuring the extra latency a debugger introduces compared with an undisturbed run. Each check can be bypassed individually, so effective protection uses several, placed at different points in the code.
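As an added example (not Zimperium's SDK code), two of the checks just described in C, as they work on Linux and on Android, whose `/proc` filesystem behaves the same way: reading `TracerPid` from `/proc/self/status` to see whether anything is ptrace-attached, and timing a short protected window to catch breakpoints or single-stepping inside it. The parser is separated from the file read so it can be exercised on constructed `/proc` text; the timing threshold, the `log_response` handler, and the sample status text are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Added example of anti-debugging checks; not Zimperium code. */

/* Parse the TracerPid field from the text of /proc/<pid>/status.
 * Returns the tracing pid (0 means nothing is attached) or -1 if the
 * field is absent. */
long parse_tracer_pid(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (p == NULL) return -1;
    return strtol(p + strlen("TracerPid:"), NULL, 10);
}

/* Live check on this process: 1 if a tracer (gdb, lldb-server, strace, a
 * ptrace-based injector) is attached, 0 if not, -1 if /proc is unavailable
 * (non-Linux platform). */
int debugger_attached(void) {
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL) return -1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    long tracer = parse_tracer_pid(buf);
    if (tracer < 0) return -1;
    return tracer > 0 ? 1 : 0;
}

/* Timing check: a breakpoint or single-step inside this window inflates
 * the measured time by orders of magnitude. Returns elapsed CPU time in
 * microseconds for a trivial fixed workload. */
long timed_window_us(void) {
    clock_t start = clock();
    volatile unsigned long sink = 0;
    for (unsigned i = 0; i < 20000; i++) sink += i;   /* protected region */
    clock_t end = clock();
    return (long)((end - start) * 1000000L / CLOCKS_PER_SEC);
}

/* RASP-style wrapper: run the checks and hand any finding to a response
 * callback (alert, disable a feature, wipe secrets, exit). Keeping the
 * policy in the callback keeps detection code reusable. Returns 1 if any
 * check fired. `respond` may be NULL. */
int rasp_check(long timing_threshold_us, void (*respond)(const char *)) {
    int triggered = 0;
    if (debugger_attached() == 1) {
        if (respond) respond("ptrace tracer attached");
        triggered = 1;
    }
    if (timed_window_us() > timing_threshold_us) {
        if (respond) respond("timing anomaly in protected window");
        triggered = 1;
    }
    return triggered;
}

/* Assumed response policy for the demo: log and let main exit non-zero. */
static void log_response(const char *why) {
    fprintf(stderr, "[rasp] %s\n", why);
}

int main(void) {
    return rasp_check(50000L /* 50 ms, assumed */, log_response) ? 1 : 0;
}
```

Run the same binary under `strace` or `gdb` to see the first check fire. Each of these checks is trivial to patch out on its own, which is why shielding products scatter many of them through the code and protect them with the integrity checkers described below.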

What is integrity checking?

Integrity checking is an application hardening technique that determines whether an application has been tampered with. Small pieces of code, called checkers, are inserted into the application; each verifies a checksum over a region of the code and fires when that region has been modified. On firing, a checker executes a predetermined response to protect the application’s integrity, such as notifying the user, calling a custom response function, generating a log message, or shutting the application down.
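An added example (not Zimperium's checker) of the overlapping-checksum scheme the earlier techniques list describes, in C. A protected region, here a constructed byte array standing in for a code segment, is covered by windows that overlap by half their length; each window carries a checksum recorded at "build time", and at runtime every checker recomputes its window. Because the windows overlap, one patched byte trips several checkers, and an attacker who patches out one checker is still caught by the others that cover its bytes. The segment contents, window size, and stride are assumptions of the example; a real tool computes the checksums over the actual code at build time and also protects the stored expected values.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example of overlapping integrity checkers; not Zimperium code. */

#define SEGMENT_LEN 64
#define WINDOW_LEN  16
#define STRIDE       8   /* consecutive windows overlap by WINDOW_LEN - STRIDE bytes */
#define N_CHECKERS  ((SEGMENT_LEN - WINDOW_LEN) / STRIDE + 1)   /* 7 */

/* Constructed stand-in for a code segment. */
static uint8_t segment[SEGMENT_LEN];

typedef struct {
    size_t   offset;     /* start of the window this checker covers */
    uint32_t expected;   /* checksum recorded at build time */
} checker;

static checker checkers[N_CHECKERS];

/* CRC-32 (IEEE 802.3), bitwise. Detects any single-byte change within a
 * window; a production checker would use something an attacker cannot
 * trivially recompute and would hide the expected values. */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        c ^= data[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Build-time step: fill the segment with deterministic constructed bytes
 * and record each window's checksum. Returns the number of checkers. */
size_t install_checkers(void) {
    for (size_t i = 0; i < SEGMENT_LEN; i++)
        segment[i] = (uint8_t)(i * 37 + 11);
    for (size_t c = 0; c < N_CHECKERS; c++) {
        checkers[c].offset   = c * STRIDE;
        checkers[c].expected = crc32_ieee(segment + checkers[c].offset, WINDOW_LEN);
    }
    return N_CHECKERS;
}

/* Runtime step: returns how many checkers see a mismatch (0 = intact).
 * A real app runs individual checkers at scattered points, not all at once. */
size_t failing_checkers(void) {
    size_t failures = 0;
    for (size_t c = 0; c < N_CHECKERS; c++)
        if (crc32_ieee(segment + checkers[c].offset, WINDOW_LEN) != checkers[c].expected)
            failures++;
    return failures;
}

/* Simulate an attacker patching one byte, e.g. turning a conditional jump
 * into an unconditional one. Returns 0 if the offset is out of range. */
int tamper_byte(size_t offset, uint8_t value) {
    if (offset >= SEGMENT_LEN) return 0;
    segment[offset] = value;
    return 1;
}
```

With a 16-byte window and an 8-byte stride, a byte in the middle of the segment is covered by two checkers and a byte at either end by one; shrinking the stride raises the number of checkers an attacker must find and neutralise for each patch.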

Why is application protection important for apps that run in zero-trust environments?

Applications deployed to environments the developer does not control, such as end-user mobile phones (sometimes called zero-trust environments), give attackers direct access to the application’s code and data. Conventional controls such as firewalls, anti-virus, and MDM are not sufficient there, because none of them protects the app itself or the assets it contains.

Applications outside the perimeter need to be protected to reduce risk, prevent financial loss, and protect your business brand and intellectual property. Zimperium’s cross-platform application security suite provides patented application shielding for software applications, mobile apps, and IoT devices, dramatically increasing their resistance to reverse engineering, tampering, and theft of cryptographic keys.

Mobile Security

How can I tell if my phone is hacked?

More than likely you will not be able to tell that your phone has been hacked or compromised without detailed knowledge of the operating system and device hardware. You may notice new behavior such as slowness, crashes, or excessive battery drain; some users have received enormous data bills after malicious adware was installed on the device. Determining with certainty whether a phone has been compromised requires specialized software. Zimperium provides a mobile security (mobile threat defense) app, zIPS, that determines whether your phone is being tampered with. zIPS privately monitors the behavior of your device using on-device machine learning to detect and prevent smartphones and tablets from being hacked or compromised. If your phone is being attacked, zIPS can detect and stop the attack, and it gathers technical details about the attack and how it was delivered so you can avoid future attempts. The information about the attack is stored in an administration console for your security team.


You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

What are mobile security threats?

Mobile security threats are vulnerabilities or attacks that attempt to compromise your phone’s operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones behave very differently from PCs and laptops and need protection designed for attacks specific to mobile devices; traditional IT security solutions are not effective at securing them.

One of the primary differences between mobile devices and PCs or laptops is administrative privilege. Corporate PCs and laptops are administered by IT, which makes it simple to install security software and monitor the computers for problems. On a mobile device, administration is in the hands of the device owner, who is the only one who can install apps or allow management profiles on the device. The burden of securing the device and its data therefore falls largely on the user, who may not have the time or expertise to do so properly.

To address this, Zimperium provides a platform that lets IT organizations protect company networks and systems by installing a mobile security app on devices that access corporate systems. The zIPS mobile security app monitors the device for malicious behavior and detects attacks against it from operating system vulnerabilities, the network, apps, or mobile malware. The app uses technology specific to mobile to detect these attacks without reading user data or hindering device performance.

Why is mobile security important?

Mobile security is very important because the mobile device is now our primary computing device. On average, users spend more than 5 hours each day on a mobile device conducting company and personal business. This shift in usage has also moved attackers’ prime target from PCs to mobile devices, so mobile devices need threat detection and malware protection just as PCs do.

Smartphones typically operate outside traditional security controls and represent a large blind spot for IT and security teams. Attackers know this, which no doubt contributed to the number of smartphone attacks recorded between January and July 2016: nearly double the number in the last six months of 2015. During that same period, smartphones accounted for 78% of all mobile network infections. According to Zimperium, 4% of corporate mobile users detected malicious Wi-Fi attacks in the first half of 2017. You can review information about these attacks in the Zimperium Global Threat Report.

Do I need mobile application security?

There are over 3 million apps in Google Play and 2 million in the Apple App Store. The stores analyze apps and remove malicious ones once they are identified, but malicious apps still get in and infect users’ devices. Examples of app-based attacks include XcodeGhost on iOS and Gooligan, a family of Android malware.

Apps have special privileges and access to device functions such as location, cameras, microphones, and user data. Users grant that access at install time but may not fully understand the harm they could be allowing. Sophisticated attacks may also activate days after the initial install, or after an app update, to evade signature-based malware detection. A real-time mobile security solution is needed to detect attacks from apps and mobile malware.

Zimperium monitors device behavior and also inspects apps for security issues and privacy abuse. Some of the most severe issues include:

  • Does the app contain known malware?
  • Does the app share passwords from its keychain with other apps made by the same team?
  • Does the app use weak encryption?
  • Does the app use private or outdated frameworks?
  • Does the app send query parameters containing private user or device information?
  • Does the app read private information such as the UDID or device identification number?

Zimperium studied 50,000 iOS apps installed on enterprise users’ devices. The study found that 1,101 apps, or 2.2%, had at least one of these security or privacy issues. That is a significant concern for enterprises, since roughly 1 in 50 apps is potentially leaking data to third parties. The complete study is available in the Zimperium Global Threat Report, 2017.

What is mobile security?

Mobile security refers to the set of technologies and practices that protect mobile devices against operating system vulnerabilities, network and app attacks, and mobile malware. Enterprise mobility management (EMM) solutions manage compliance policies and issues relating to device privilege or loss. Mobile threat defense (MTD) technologies such as Zimperium’s zIPS complement EMM solutions by protecting devices from cyberattacks via network, application, and operating-system threats and vulnerabilities. Your mobile security strategy will depend on your deployment architecture and on whether you need an EMM, an MTD, or both. Contact Zimperium for a briefing and risk analysis on how to determine your mobile risk posture.

Which mobile security is best for android?

In order to determine which mobile security is best for Android, it is important to take into account both known threats (those for which there are already recognized signatures) and unknown threats (which are zero-day threats). Zimperium’s zIPS app uses real-time, on-device machine learning-based technology to protect Android devices against both known and unknown threats.


You can download zIPS in Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Which mobile security is best for iOS / iPhone?

To understand which mobile security is best for iOS / iPhones, it is helpful to understand that iOS devices are subject to both known and unknown threats. Known threats are those that have already been discovered and for which there are known signatures. Unknown threats, also referred to as zero-day threats, do not have known signatures. Zimperium solutions such as zIPS use real-time, on-device machine learning-based technology to protect iOS devices against both known and unknown threats.


You can download zIPS in the Apple App Store and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Which mobile security is best for enterprises?

There are a number of mobile security solutions available on the market, but identifying which mobile security is best for enterprises entails using specific criteria. As is often the case, solutions designed for consumers and end-users may not be as robust, full-featured, reliable and scalable as solutions designed specifically for the enterprise. In particular, mobile security solutions that are suitable for enterprise use should include scalability, autonomous functionality, machine learning, on-device operation, and protection from zero-day threats. Enterprises also need to consider flexible deployment models to take advantage of existing infrastructure or cloud computing environments. Zimperium solutions such as zIPS uniquely meet all of those criteria.


You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Are mobile security apps necessary?

Yes. Mobile security apps are necessary to detect and prevent tampering via operating system vulnerabilities, other apps, or malicious activity on network or Wi-Fi connections. Mobile devices contain and have access to private and sensitive business and personal data that needs to stay private. Phones provide some security features, such as PINs and lock codes, but they do not ship with software that detects mobile attacks or alerts you when there is a problem. For these reasons, we recommend using a mobile security app such as zIPS. The zIPS mobile security app monitors your device for malicious behavior and dynamically detects attacks from malware, apps, or your Wi-Fi and network connections. zIPS users have detected attacks in every region of the world from operating system vulnerabilities, bad apps, and network attacks; the details are in the Zimperium Global Threat Report.

Mobile Threat Defense (MTD)

What is mobile threat defense?

Mobile Threat Defense (MTD) solutions protect mobile platforms by detecting threats to devices, operating systems, the networks they use, and the apps on the device. Each of these vectors is exposed to a variety of attack methods. More information about mobile threat defense is available on the Zimperium blog.

What analysts cover mobile threat defense?

Several analyst firms now cover both EMM and MTD markets. There are several analyst reports available on Zimperium.com and on the Zimperium blog.

Zimperium

How does Zimperium compare with Symantec / Skycure?

Please contact us today for information and reports on how to compare several mobile threat defense technologies and methodologies.

How does Zimperium compare with Lookout?

Please contact us today for information and reports on how to compare several mobile threat defense technologies and methodologies.

How do I contact support?

Zimperium support can be contacted at support.zimperium.com.

Can I receive a trial of Zimperium zIPS?

Yes. Submit a request for a trial of zIPS and an administration console on our Contact Us page for evaluation licenses.

What is zLabs?

zLabs is Zimperium’s global threat intelligence and research team. It stays ahead of the changing cybersecurity landscape through in-depth, ongoing research, and over the past few years has identified and disclosed numerous mobile device vulnerabilities to Apple and Google. These discoveries have influenced security practices, accelerated security updates from Google and mobile operators, and pushed for more accountability in iOS security.

zIPS

How does Zimperium zIPS work?

The zIPS mobile security app provides comprehensive protection for iOS and Android devices against mobile device, network, and application cyberattacks. The app leverages machine learning to provide on-device protection from known and zero-day threats. More information about zIPS is available on the zIPS Product page and YouTube “What is zIPS?”.


You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Does zIPS integrate with EMM?

Zimperium mobile threat defense integrates with leading enterprise mobile management solutions, including:

VMware AirWatch
BlackBerry
Citrix XenMobile
Microsoft Intune
MobileIron
Silverback

How does zIPS perform remediation?

zIPS™ can detect both known and unknown threats by leveraging machine learning to analyze the behavior of mobile devices. zIPS operates by itself or with existing enterprise mobility management solutions (MDM, EMM). More information about zIPS is available on the zIPS Product page or by viewing videos explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

zANTI

How do you use Zimperium zANTI?

zANTI™ is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy-to-use mobile toolkit enables IT security administrators to simulate an advanced attacker and identify the malicious techniques used in the wild to compromise corporate networks. More information and how-to videos are available on the zANTI Mobile Penetration Testing page.

Where do you download zANTI?

zANTI is available for download from the zANTI Mobile Penetration Testing page.

How do you perform a MITM with zANTI?

There are how to videos on the zANTI Mobile Penetration Testing page. There is also a video on how zIPS detects a MITM when attacking a device with zANTI.

Vulnerabilities

What is Stagefright?

Stagefright is the name given to a set of critical vulnerabilities in Android’s libstagefright media library that allow remote code execution and can be reached through 11+ attack vectors, including MMS. There are over 24 critical CVEs between Stagefright 1 and Stagefright 2. Vectors like MMS reach the mediaserver system process without any user interaction, so they bypass the application layer entirely. More information about the Stagefright vulnerability and how to defend yourself is available on the Zimperium blog.

What is Pegasus?

Pegasus is sophisticated spyware that, in the form first analyzed, targeted the iOS platform. It gives an attacker the ability to remotely monitor and capture communications from a device (calls, texts, WhatsApp, Viber, and so on), turning the device into a powerful surveillance tool. The infection is persistent and lets the attacker remotely update and control the implant to add functionality as required. More information about Pegasus and how to defend yourself is available on the Zimperium blog.

What is DirtyCow?

DirtyCow (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel’s copy-on-write handling that also affects Android devices. Zimperium detected DirtyCow exploitation as an attack before the vulnerability was publicly disclosed and classified, and did not need a client update to do so, because its threat detection technology flagged the malicious behavior rather than matching a signature. More information on DirtyCow is available on the Zimperium blog.

What is BlueBorne?

BlueBorne is an attack leveraging Bluetooth connections to penetrate and take control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. According to Google it “could enable a proximate attacker to execute arbitrary code within the context of a privileged process.”
