In a perfect world, app creators and device producers would be able to guarantee customer security and product integrity by building ever-more robust cyber-walls to protect them. The unavoidable fact, however, is that the mass move to mobile and smart devices means that apps must migrate outside of the secure environments where they originate and into the “wild,” where they are vulnerable to reverse-engineering, exploitation, and other attacks by hackers.
It’s impossible for companies to protect their apps and devices solely from the server side. As a result, apps must be protected and become self-defending, or capable of reacting autonomously when hackers attempt to gain access or tamper with their code.
On a mass scale of millions or billions of app installations, constant monitoring for attempts at infiltration is extremely complex and costly. One security solution that can be useful is to empower apps with runtime application self-protection.
What is runtime application self-protection (RASP)?
Runtime application self-protection (RASP) is the term used to describe the variety of detection methods and defensive actions an app can employ to prevent code reverse-engineering, tampering, and other attacks. Hackers tamper with an app to change its compiled code or runtime behavior. For example, they might inject malicious code or spoof an authorized identity, allowing them to access valuable information and entire networks. Apps can protect themselves by using RASP techniques to execute a customizable defense response when a tampering attempt is made.
Some common RASP defense actions include:
- Sending an alert notification to the user
- Generating a log message to be sent to the security administrator
- Halting the execution of commands
- Corrupting elements of the application so that a hacker believes they have been successful, but they only have minimal access
- Deleting sensitive data
- Shutting down the application entirely
It’s important to be able to set different RASP defensive actions for various attempts at application tampering.
Methods for app self-defense
To create or reinforce apps with RASP defenses, the app needs to be able to identify what attackers are trying to do in real-time. Robust application shielding solutions include a variety of RASP methods to boost an app’s self-defense capabilities, such as:
Overlapping checksum checkers
One of the most effective and impenetrable methods for detecting code tampering uses checksum or integrity checkers to ensure code integrity. Tiny pieces of code, known as checkers, are inserted at overlapping intervals, each serving to check another piece of code.
If a hacker changes any of the code, the checksum computed over that section no longer matches its expected value, and the app takes the defined defense actions. Because the checkers overlap, even if a hacker manages to overcome one check, other checkers are still testing the integrity of that section of code.
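The overlapping arrangement can be modeled directly. The following Python example is added here for illustration and is not Intertrust's or whiteCryption's implementation: it assumes a constructed byte string standing in for compiled code, SHA-256 as the checksum, and hypothetical function names. Real schemes also have checkers guard each other's code, which this model leaves out.

```python
import hashlib

# Constructed stand-in for an app's compiled code section (not real machine code).
IMAGE = bytes((i * 37 + 11) % 256 for i in range(256))
WINDOW, STRIDE = 64, 32  # windows overlap by half, so every byte has two guards

def build_checkers(image, window=WINDOW, stride=STRIDE):
    """Build time: record (covered offsets, expected digest) for each window.
    Windows wrap around the end so the first and last bytes are covered twice too."""
    checkers = []
    for start in range(0, len(image), stride):
        idx = [(start + k) % len(image) for k in range(window)]
        digest = hashlib.sha256(bytes(image[i] for i in idx)).digest()
        checkers.append((idx, digest))
    return checkers

def run_checkers(image, checkers, disabled=()):
    """Runtime: return the indices of checkers whose window no longer matches."""
    fired = []
    for n, (idx, expected) in enumerate(checkers):
        if n in disabled:  # models a checker that has been patched out
            continue
        if hashlib.sha256(bytes(image[i] for i in idx)).digest() != expected:
            fired.append(n)
    return fired

def coverage(image_len, checkers):
    """Number of checkers guarding each byte offset."""
    counts = [0] * image_len
    for idx, _ in checkers:
        for i in idx:
            counts[i] += 1
    return counts

def demo():
    checkers = build_checkers(IMAGE)
    patched = bytearray(IMAGE)
    patched[100] ^= 0xFF  # single-byte modification of the "code"
    return {
        "clean": run_checkers(IMAGE, checkers),
        "tampered": run_checkers(patched, checkers),
        "one_checker_removed": run_checkers(patched, checkers, disabled={3}),
    }

if __name__ == "__main__":
    print(demo())
```

The `one_checker_removed` result is the property the overlap buys: with one of the two guards for offset 100 disabled, the other still reports the change.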
Intertrust published one of the foundational papers on checksum checkers, and our own patented technique is an integral strand of our whiteCryption code protection system.
Android rooting detection
“Rooting” an Android device means circumventing the restrictions that either Google (the creator of the Android operating system) or the device manufacturer has implemented. While it is used to give phone owners more control over their device, it is also commonly used during the process of reverse engineering so that hackers can inspect an app’s code and/or identify secret keys.
A self-defending app can be programmed with a function call that executes an appropriate defensive action when it detects it is being used on a rooted device.
Jailbreak detection for iOS
In the Objective-C programming language, which is generally used for iOS applications, the implementation behind an existing class method name can be swapped for a different one at runtime. This “method swizzling” can be harmless and a useful developer tool, but it is also used by hackers to alter the intended actions of an app. A self-defending app can be empowered to detect method swizzling and execute a defensive action to prevent this kind of code hijacking.
Cross-checking of shared libraries
Shared libraries are another avenue of attack used by hackers: a common operating-system library (such as a DLL on Microsoft Windows) can be weaponized to make use of the shared permissions it has. By including a function that assigns cryptographic signatures to the shared libraries being used and randomly cross-checks them, an app can constantly check whether a loaded library has been modified.
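One way to implement such a cross-check is shown below as an added Python example, not code from Intertrust's product. It assumes libraries are files on disk, pins their SHA-256 digests in a manifest, and uses an HMAC with a constructed key as a stand-in for a real digital signature; all function names are hypothetical.

```python
import hashlib, hmac, json, os, random, tempfile

MANIFEST_KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing key

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def sign_manifest(lib_paths, key=MANIFEST_KEY):
    """Build time: pin each library's SHA-256 and authenticate the list."""
    digests = {os.path.basename(p): sha256_file(p) for p in lib_paths}
    body = json.dumps(digests, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def cross_check(lib_dir, body, tag, rng, key=MANIFEST_KEY):
    """Runtime: authenticate the manifest, then verify one random library."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        return None, "manifest-tampered"
    digests = json.loads(body)
    name = rng.choice(sorted(digests))
    path = os.path.join(lib_dir, name)
    if not os.path.isfile(path):
        return name, "missing"
    same = hmac.compare_digest(sha256_file(path), digests[name])
    return name, "ok" if same else "modified"

def demo():
    rng = random.SystemRandom()  # unpredictable choice of which library to check
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name in ("libnet.so", "libui.so"):  # constructed sample files
            paths.append(os.path.join(d, name))
            with open(paths[-1], "wb") as f:
                f.write(name.encode() * 64)
        body, tag = sign_manifest(paths)
        with open(paths[0], "ab") as f:  # simulate a modified library
            f.write(b"\x00")
        return [cross_check(d, body, tag, rng) for _ in range(5)]

if __name__ == "__main__":
    print(demo())
```

Any verdict other than `ok` is the point at which the app would trigger its configured defense action.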
With the proliferation of apps and IoT devices, it is not possible for creators and manufacturers to ever build a wall big enough to ensure their security. Giving apps the ability to defend themselves through RASP methods means that, even in the wild, they will be able to detect attacks and execute defensive measures to keep your application and users safe.
Intertrust has been at the forefront of digital security for decades, and we are big believers in creating scalable runtime application self-protection systems that give apps the ability to defend themselves wherever they are. Our whiteCryption Code Protection system uses a variety of methods, including RASP, to shield apps for our clients in all industries, including healthcare, automotive, and finance. To find out how our highly effective whiteCryption app protection solution works, get in touch with us today.
About Prateek Panda
Prateek Panda is Director of Marketing at Intertrust Technologies and leads global marketing for Intertrust’s application shielding and device identity solutions. His expertise in product marketing and product management stems from his experience as the founder of a cybersecurity company with products in the mobile application security space.