Mobile App Exposure Management
In the context of cybersecurity, Mobile App Exposure Management refers to the process of:
Identifying:
Discovering potential security vulnerabilities and risks within mobile applications. This includes flaws in the app's code, data storage, communication protocols, and interactions with the device's operating system.
Mapping out the app's attack surface, which encompasses all points where an unauthorized user could attempt to gain access or cause harm.
Locating where sensitive data is stored or transmitted by the mobile application.
Assessing:
Evaluating the severity and likelihood of identified vulnerabilities being exploited.
Determining the potential impact of a successful attack on the app, its users, and the organization.
Analyzing the risks associated with various configurations and permissions of the mobile applications.
Mitigating:
Taking steps to reduce or eliminate identified vulnerabilities. This may involve code fixes, security updates, changes to app configurations, or the implementation of additional security controls.
Implementing measures to protect sensitive data and prevent unauthorized access.
Continuously monitoring the app for new exposures.
Mobile App Exposure Management proactively manages the security risks of mobile applications to prevent cyberattacks and data breaches. Due to the ever-evolving threat landscape, this is a continuous process.
ThreatNG assists with Mobile App Exposure Management in the following manner:
External Discovery: ThreatNG discovers mobile apps related to an organization within various marketplaces (e.g., Apple App Store, Google Play). This external discovery is crucial for identifying all mobile apps associated with an organization, which is the first step in exposure management.
External Assessment: ThreatNG assesses the contents of mobile apps for various exposures:
Authentication/Authorization Tokens & Keys: ThreatNG checks for the presence of various tokens and keys within the mobile apps such as:
Amazon AWS Access Key ID, AWS API Key, Artifactory API Token, Authorization Bearer, Discord BOT Token, Facebook Access Token, GitHub Access Token, Google API Key, Google OAuth Access Token, Heroku API Key, MailChimp API Key, Mailgun API Key, PayPal Braintree Access Token, Picatic API Key, Slack Token, Square Access Token, Stripe API Key, Stripe Restricted API Key, Twilio API Key, Twitter Access Token.
Authentication Credentials: ThreatNG also identifies various authentication credentials:
Username/Password or Similar (Artifactory Password, Basic Auth Credentials, Cloudinary Basic Auth).
OAuth Credentials (Client/Secret, Flows) (Facebook ClientID, Facebook OAuth, Facebook Secret Key, Google Cloud Platform OAuth, Google OAuth, Square OAuth Secret, Twitter ClientID, Twitter OAuth, Twitter Secret Key).
Service Account/Key Files: ThreatNG looks for service account key files, such as Google Cloud Platform Service Account files.
Private Keys (Cryptography): ThreatNG also searches for private keys such as the PGP private key block, the RSA Private Key, the SSH DSA Private Key, and the SSH EC Private Key.
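To make the Identify / Assess / Mitigate loop described above and the secret classes listed under External Assessment concrete, here is an added Python example. It is not ThreatNG's code (the page does not describe its detection logic): it scans text pulled from an unpacked app bundle for a subset of the token, credential and private-key formats named on the page, ranks each hit by severity, and masks the value so the report itself is not a new exposure. The regex heuristics, severity ratings, file-extension list, source paths and the sample strings.xml values are all this example's own assumptions; every sample value is constructed here and fake.

```python
"""Hypothetical secret scanner for unpacked mobile app bundles (added example,
not ThreatNG code). Runs regexes for several of the secret classes named on the
page over text extracted from an app (e.g. res/values/strings.xml, Info.plist,
JS bundles), rates each hit, and masks the value before it is reported."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# (category, severity, pattern): patterns are common public heuristics, not
# ThreatNG's detection logic; the severities are this example's own assumptions.
SECRET_PATTERNS = [
    ("AWS Access Key ID", "high", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("Google API Key", "medium", re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")),
    ("Stripe API Key", "high", re.compile(r"\b(?:sk|rk)_(?:live|test)_[0-9A-Za-z]{24,}\b")),
    ("Slack Token", "high", re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b")),
    ("Authorization Bearer", "medium", re.compile(r"Bearer\s+[A-Za-z0-9\-._~+/]+=*")),
    ("Basic Auth Credentials", "medium", re.compile(r"Basic\s+[A-Za-z0-9+/]{8,}={0,2}")),
    ("PGP Private Key Block", "critical", re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----")),
    ("RSA Private Key", "critical", re.compile(r"-----BEGIN RSA PRIVATE KEY-----")),
    ("SSH DSA Private Key", "critical", re.compile(r"-----BEGIN DSA PRIVATE KEY-----")),
    ("SSH EC Private Key", "critical", re.compile(r"-----BEGIN EC PRIVATE KEY-----")),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Files worth reading as text in an apktool / unzipped-IPA tree ("" = no extension).
TEXT_SUFFIXES = {".xml", ".plist", ".json", ".js", ".properties", ".txt", ".pem", ".strings", ".env", ""}


@dataclass
class Finding:
    category: str
    severity: str
    source: str   # file the hit came from, relative to the bundle root
    line: int
    masked: str   # never the raw secret


def mask(value: str) -> str:
    """Keep only the first 4 and last 2 characters so reports stay non-sensitive."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def scan_text(text: str, source: str = "<string>") -> list[Finding]:
    """Identify: run every pattern over each line and record where it hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, severity, pattern in SECRET_PATTERNS:
            for m in pattern.finditer(line):
                findings.append(Finding(category, severity, source, lineno, mask(m.group(0))))
    return findings


def scan_tree(root: Path) -> list[Finding]:
    """Walk an unpacked app bundle and scan every readable text file."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="strict")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable; a fuller tool would extract strings instead
        findings.extend(scan_text(text, str(path.relative_to(root))))
    return findings


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Assess: order by severity so the worst exposures are mitigated first."""
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.source, f.line))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for the report header."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample resembling an Android strings.xml plus a bundled key file.
# Every value is fake and built here for the example only (the AWS ID is the
# placeholder from AWS's own documentation).
SAMPLE_STRINGS_XML = "\n".join([
    '<?xml version="1.0" encoding="utf-8"?>',
    "<resources>",
    '    <string name="aws_key">AKIAIOSFODNN7EXAMPLE</string>',
    '    <string name="maps_key">AIza' + "SyEXAMPLE" + "0" * 26 + "</string>",
    '    <string name="stripe">' + "sk_live_" + "EXAMPLE" + "0" * 17 + "</string>",
    '    <string name="auth_header">Authorization: Basic YWRtaW46ZXhhbXBsZQ==</string>',
    "</resources>",
])
SAMPLE_KEY_FILE = "-----BEGIN RSA PRIVATE KEY-----\nEXAMPLEKEYMATERIAL\n-----END RSA PRIVATE KEY-----\n"


def demo() -> list[Finding]:
    """Scan the constructed samples and return them in mitigation order."""
    findings = scan_text(SAMPLE_STRINGS_XML, "res/values/strings.xml")
    findings += scan_text(SAMPLE_KEY_FILE, "assets/backend.pem")
    return prioritize(findings)


if __name__ == "__main__":
    # Usage: python scan_bundle.py <unpacked-app-dir>   (no argument runs the demo)
    results = prioritize(scan_tree(Path(sys.argv[1]))) if len(sys.argv) > 1 else demo()
    for f in results:
        print(f"[{f.severity:8}] {f.category:24} {f.source}:{f.line}  {f.masked}")
    print("summary:", summarize(results))
```

Two design points map back to the page: the severity ordering is the "Assessing" step in code form (a bundled RSA private key outranks a Basic-Auth header), and masking before output is the "Mitigating" caveat that a findings report must not itself become a new place where the secret is stored. Rerunning the scanner against each new app build is the continuous-monitoring part of the loop.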
Reporting: ThreatNG provides reports that can include details on mobile app exposures. These reports help organizations understand the risks associated with their mobile apps.
Continuous Monitoring: ThreatNG continuously monitors the external attack surface, which includes mobile apps, to detect new exposures. This ongoing monitoring is essential for staying ahead of potential threats.
Investigation Modules: ThreatNG's investigation modules, particularly the code repository exposure and mobile application discovery, help in detailed analysis:
Code Repository Exposure: This module discovers public code repositories and investigates their contents for sensitive data, including various credentials and keys that might be present in mobile app development environments. For example, it can uncover exposed API keys, access tokens, and private keys that could be exploited to compromise mobile app security.
Mobile Application Discovery: As mentioned earlier, this module identifies mobile apps in marketplaces and analyzes them for the presence of various authentication/authorization tokens and keys, authentication credentials, service account/key files, and private keys. This detailed investigation helps pinpoint specific vulnerabilities within the apps.
Intelligence Repositories: ThreatNG's intelligence repositories contain data on mobile apps, including indicators of various authentication/authorization tokens & keys, authentication credentials, service account/key files, and private keys. This information can be used to identify known risks and potential attack vectors associated with mobile apps.
Works with Complementary Solutions: ThreatNG's capabilities complement mobile app security efforts by providing external attack surface visibility. For example, ThreatNG can identify exposed credentials or vulnerable APIs that a mobile app might use, which can be further investigated with dedicated mobile app testing solutions.
Examples of ThreatNG Helping:
ThreatNG can help an organization discover a rogue mobile app developed by a third party. The app uses the organization's logo and potentially exposes customer data.
ThreatNG can identify a mobile app that has hardcoded API keys, which could allow an attacker to access backend systems and sensitive data.
ThreatNG can detect compromised credentials related to a mobile app development account, enabling the organization to take proactive steps to secure those accounts.
Examples of ThreatNG Working with Complementary Solutions:
ThreatNG's findings on exposed API endpoints in mobile apps can be fed into a mobile API testing tool to conduct more in-depth security testing of those APIs.
ThreatNG's detection of potential vulnerabilities in a mobile app (e.g., exposed credentials) can trigger an alert in a Security Information and Event Management (SIEM) system, prompting the security team to investigate further.