You can see examples of these hacks “brought to life” on YouTube and a summary of Binary Exploits is provided in our graphic below.
Reverse engineering or code analysis threat scenarios may include: Using intelligence gathered from code analysis tools and activities, the binaries can be reverse-engineered and valuable code (including source code), sensitive data, or proprietary IP can be lifted out of the application and re-used or re-packaged.
This is the second category of exploitable binary vulnerabilities, whereby mobile app binaries can be analyzed statically and dynamically.
For example, disabling security controls, bypassing business rules, licensing restrictions, purchasing requirements or ad displays in the mobile app - and potentially distributing it as a patch, crack or even as a new application.
For those of you who may not be familiar, binary code is the code that machines read to execute an application - it’s what you download when you access mobile apps from an app store like Google Play. Hackers are increasingly aiming at binary code targets to launch attacks on high-value mobile applications across all platforms. Unprotected binary code in mobile apps can be directly accessed, examined, modified and exploited by attackers.
We live in a mobile, personal world, where more than 1.5 billion new mobile phones ship each year.