In a Nutshell: Traditional hacker attacks and viruses sought access to sensitive information on personal and business computers. But cybercriminals have shifted their attention to cellphone technology with the rise in mobile banking. Recent discoveries like the WPA2 Wi-Fi network vulnerability and the Janus Vulnerability for Android devices show that mobile application attacks are on the rise. To combat this trend, Arxan’s industry-leading mobile security solutions provide protection against reverse engineering and IP theft to the applications of global banks and financial service providers. The company’s anti-tampering technology has evolved since it was first used by the US Defense Department to protect sensitive software in enemy territory. Arxan’s customizable security solutions work for the Internet of Things (IoT), mobile, desktop, and other applications. //
A US spy plane that crashed on the coast of China is the reason you can safely pay bills and conduct other banking transactions on your cellphone.
It sounds like the premise for a cheesy ‘80s action movie, but real life can often be stranger than fiction.
Chinese authorities used the technology they had in 1996 to reverse-engineer all of the wrecked vessel’s software — meaning they determined how the onboard programs worked so they could extract any available secrets. The country then returned the stripped-down aircraft to America.
The ordeal caused the US Defense Department to push for anti-tampering technology. A startup named Arxan got the development contract on its first-ever proposal attempt — a rare feat in the industry.
While Arxan’s Defense unit split from its commercial side 10 years ago, the company still focuses on security and anti-tampering, but on much smaller devices.
“We work with banks of all sizes as well as mobile-payment providers,” said Rusty Carter, VP of Product Management at Arxan. “Our clients are both purely software companies or providers that use hardware and software.”
Arxan is the global leader in application attack prevention and self-protection products for the Internet of Things (IoT), mobile, desktop, and other applications. The company’s security solutions safeguard the sensitive data of major banks and financial service providers worldwide.
Rusty said that cyber attacks aren’t just for your home or business computer. Recent discoveries like the WPA2 Wi-Fi network vulnerability and the Janus Vulnerability for Android devices show that cellphones are the new target of cyber thieves.
Nearly one-half of all mobile cyber attacks focus on the application layer. This allows thieves to copy application logic and place a new layer on top of the target app to steal credentials and other sensitive data.
Hackers can then inject code into applications on your phone. For example, a fake login box might overlay the real login area of your bank application and send your credentials to the hacker. The user’s screen will show no signs of corruption and there will be no warning until it’s too late.
Arxan’s security solutions prevent such attacks from taking place.
“Our services are very customizable,” Rusty said. “They’re a fine-tunable machine with a wide variation of guards that offer different types of protection. There are various levels of protection within each guard in order to get the exact level and type of security that a customer wants.”
Protection from Reverse Engineering and Tampering Attacks
In 2017, Arxan studied a random sample of 55 of the most popular mobile banking and payments applications and found 98% lacking in the proper binary protections. When consumers were told of the study, 81% surveyed said they’d likely change financial service providers if they found theirs was on the list.
“There have been so many different attacks and vulnerabilities over the last six months,” Rusty said. “Businesses must understand that their environment — like the operating system and the network that protects your information — is not always safe and they need to protect their applications and data from the inside.”
Some of the world’s largest financial service firms use Arxan’s anti-tampering technology in their mobile applications to keep customers safe. The company solutions offer multi-layered protection against tampering, reverse engineering, and IP theft.
“The banks we work with have told us that their biggest fear isn’t a direct financial loss from an individual stealing via a compromised app, but the loss of trust from their customers,” Rusty said. “If I don’t trust your mobile application, why would I trust you with all of my money?”
To ensure applications are protected, Arxan uses a variety of techniques to evaluate the security of the most sensitive areas of an application.
The company also prevents outside access to sensitive data like payment credentials and cardholder information. Its suite of solutions blocks fraudulent transaction, ensures that keys are never present in the static form or runtime memory, and determines the safety of a client’s app environment.
“We’re constantly developing deeper capabilities around application and data protection,” Rusty said. “Our customers can protect data from the application all the way back to the customer’s data center.”
Reports Keep Customers Informed on Their Security Status
Having a proven company like Arxan protecting a financial institution’s mobile applications at all times gives clients peace of mind, but Arxan aims to provide more than that.
Aside from its industry-leading protection, the company also provides clients reports and feedback to keep them aware of the state of their application security.
That data is used to learn which areas of a client’s application are being targeted, how the attacks are taking place, and how to better prepare clients for future attempts to steal their sensitive data.
“The analytics show how their application is being attacked,” Rusty said. “When a customer configures protection of their application, they’ll protect the most important things. With us, they can really fine-tune the amount of protection being applied.”
Rusty compared the protection options to a hypothetical bank using Arxan’s services. While the bank may have its security configurations spread out among a range of features on its application, analytics may show that one specific area is being targeted. The bank can then instantly slide security resources from other areas to the vulnerable area to provide an extra layer of protection.
“There’s really no limit to the number of options you can create to protect your brand and data from thieves,” Rusty said.
Keep Your Application Protected While it’s in Enemy Territory
Customers trust that financial service providers have the latest security features running in the background of their mobile applications. While the federal government insures customer deposits against a bank going out of business, it offers no protection against financial losses caused by identity theft.
A breach of security could cost a customers cutomers a debilitating amount of time and money to recover their financial lives. The same breach could cost your brand its reputation and business.
Arxan has supplied financial service providers across the globe with mobile application security solutions for more than a decade. Its anti-fraud and anti-tampering technology was used by the US Defense Department to protect American technology in enemy territory.
Today, a bank’s enemies are everywhere. Arxan strives to remain a step ahead of them with technology that evolves every day.
“We’ve gained so much information on the ways apps work and function worldwide,” Rusty said. “We strive to be ahead of an attack and not work to defend against an attack after it’s happened,”
Arxan’s services include always-on protection that saves clients time and money by guarding a company’s brand and the customers it serves. To keep clients informed, Arxan also offers regular reporting of the security status of the applications it protects.
“We spend a lot of time with our customers, especially leading up to very busy times of the year when they are more concerned about attacks they may face,” Rusty said. “We can work with the customers hand in hand to optimize their protection for a particular time of the year.”