Opinion

No-one is going to have any sympathy for marketers when their apps get hacked

What will happen when brand apps attack? Not if, but when. Brand apps will turn on customers and fans, exploiting their most private information – photos, conversations, transactions, behaviours and financials – and creating a spectacle of brand disasters, launched to the world by marketing departments and their digital agencies. It's time to prepare, explains Peter Hewett, CEO of Quixxi Security.

This is not paranoid dystopia. It’s reality. Because hackers fish where the fish are, and hack where the vulnerabilities lie.

App attack ‘opportunities’ are growing to more than six billion worldwide by next year. In Australia alone, 90% of the population is exposed. These figures are the number of smartphones in use – each a host for a brand’s app.

It’s obviously a massive opportunity for marketers. Not only are mobiles in just about everyone’s hands. Everyone also looks at them several times a day. People carry them everywhere. And usually sleep next to them too.

Brand apps are too good an opportunity to ignore. For marketers, but also for hackers.

For example, the University of Cambridge once found that 87% of all Android smartphones are exposed to at least one critical vulnerability. Apple isn’t immune either, with the company pulling 40 apps from its official app store, because they were infected with malware.

The concern is that hackers are decompiling apps, and then recompiling them to include malicious code. The apps continue to quack like ducks, walk like ducks, and look like ducks. But are secretly manipulated into vultures – able to pilfer information from smartphones, voyeur through microphones and cameras, steal computing power for global digital attacks, render the phone obsolete – the list goes on.

This reverse engineering happens to apps that don’t have digital security layered into them. Safeguarding apps against abuse isn’t problematic, challenging or even budget hungry. It’s just a step that isn’t glamorous. Simple and unspectacular. Typically overlooked in favour of meeting deadlines. Or polishing the glitz and glamour of the brand app’s features.

When an app goes rogue, customers will backlash. What else is there to expect when a brand’s app is found to be watching a person sleeping, tracing bank account details, or doing anything the customer isn’t aware of?

Sure, while the brand will be as much a victim of the hack as the consumer – you can be sure no one will have much sympathy for the brand that built the app. Cambridge Analytica was the culprit, Facebook took the heat.

There is a growing raft of threats that can be inserted into a brand’s app when not secured. They include banking malware – specifically designed to manipulate mobile bank accounts; ransomware – locking important mobile files such as documents, photos and videos by encrypting them and demanding a ransom be paid; and spyware – monitoring activity, records and location, and lifting critical information such as usernames and passwords.

Any of these is a blatant brand disaster. Yet all of it can be avoided with three basic, albeit understated, steps:

  1. Scan the app, built or being built, for vulnerabilities, to gain a detailed analysis that reports each detected vulnerability with a description, an explanation of the associated risks and recommendations for fixing it.
  2. Shield the app, built or being built, from malicious manipulation by protecting against hackers looking to clone, tamper with, inject malicious code into, or exploit your brand app.
  3. Supervise the app to track how it’s being used. If anyone fiddles with it, you’ll know.

It’s reckless that these three steps aren’t taken on every brand app development, no matter how big or small. The bank of evidence is horrifying (and I’ll happily detail it outside of this public forum, as I’m not game to name and shame).

Peter Hewett, CEO, Quixxi Security
