Mobile emulators, besides their original use cases, have become a tool used by hackers for targeting mobile applications. By allowing access to multiple devices and apps at once, they have proven to be a successful method of bypassing authentication and rule-based security measures. To find out what cybersecurity experts are dealing with at the moment, keep on reading!
Mobile emulators are tools designed for running tests on mobile devices using desktop computers, particularly useful when it comes to testing mobile applications. They allow developers to simulate, imitate, and optimize mobile app software and hardware behavior without the need to use multiple types of devices.
A large part of a mobile emulator's utility lies in making the application's design responsive. Mobile applications need to work well on different types of mobile operating systems and interfaces, which includes factors such as different screen resolutions. You can emulate any device type, model, manufacturer, screen, location, touch screen taps, and swipes – all without possessing a physical device.
Emulators are a cheaper and more efficient way of developing mobile software because they offer scale. There is no need to test on various types of devices. By using an emulator, you are set up for success because of its accessibility, time efficiency, and ease of use.
Unfortunately, with mobile emulators being so easily accessible, the technology is also used for illegal practices.
In the hands of an attacker, mobile emulators can cause a great deal of damage. Victims include all of the mobile app stakeholders: app owners, developers, and end-users. The widespread use of mobile emulators among hackers makes a lot of sense, since it enables them to run large-scale attacks directly from their desktops.
Here are some common use cases for mobile emulators regarding mobile fraud:
Furthermore, traditional rule-based security platforms can be easily bypassed with the use of a mobile emulator. If an emulated device ID is blacklisted, the attacker simply discards it and creates a new one.
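The following is an added example, not part of the original article or of any ASEE product. It contrasts a per-device-ID blocklist with a check that counts distinct device IDs behind one shared signal. The event fields, the `host_signal` attribute, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample login events: (timestamp_seconds, device_id, host_signal).
# host_signal is a hypothetical attribute assumed to stay constant while the
# emulated device ID is rotated; the article does not name such an attribute.
EVENTS = [
    (0,    "dev-001", "sig-A"),   # sig-A rotates through six device IDs
    (60,   "dev-002", "sig-A"),
    (120,  "dev-003", "sig-A"),
    (180,  "dev-004", "sig-A"),
    (240,  "dev-005", "sig-A"),
    (300,  "dev-006", "sig-A"),
    (30,   "dev-100", "sig-B"),   # one user, one device, two logins
    (400,  "dev-100", "sig-B"),
    (50,   "dev-200", "sig-C"),   # one user who replaced a phone
    (5000, "dev-201", "sig-C"),
]

def blocked_by_id(events, blocklist):
    """Rule-based check: reject only events whose device ID is blocklisted."""
    return [e for e in events if e[1] in blocklist]

def fanout_alerts(events, window_s=600, max_ids=3):
    """Return {host_signal: first_alert_time} for signals that present more
    than max_ids distinct device IDs within any window_s-second window."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, device_id, signal in sorted(events):
        window = recent[signal]
        window.append((ts, device_id))
        while ts - window[0][0] > window_s:   # drop events older than the window
            window.popleft()
        if len({d for _, d in window}) > max_ids:
            alerts.setdefault(signal, ts)
    return alerts

if __name__ == "__main__":
    # Blocklisting the first rotated ID stops one of the six sig-A events.
    print(len(blocked_by_id(EVENTS, {"dev-001"})))
    # The fan-out check flags sig-A at its fourth distinct ID and nothing else.
    print(fanout_alerts(EVENTS))
```
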
With the evolving security technology, attackers are evolving as well. Their attacks are getting more and more sophisticated by the minute, demanding the full attention of cybersecurity experts. To get an idea of how sophisticated these hackers are nowadays, find out what happens when a group of organized hackers walks into a bar and finds 20 emulators.
We have to mention the infamous fraud operation that used mobile emulators as its weapon of choice to commit fraud on a never-before-seen scale. The name of the operation: Evil Mobile Emulator Farms. Researchers from IBM Trusteer detected a fraud operation that used mobile device emulators to drain millions of dollars in just a few days.
A group of organized professionals used about 20 emulators, which imitated 16,000 smartphones belonging to end-users of an mBanking application. A separate case brought findings that are even more shocking: a single emulator imitating 8,100 devices.
To follow through with the attack, hackers had a lot of prepping to do. Their tasks included the collection of usernames and passwords, device types and IDs, and parts of SMS messages (the ones containing OTPs for successful 2FA). This indicates yet another task: infecting the spoofed mobile devices with malware prior to the emulator attack.
After taking care of the data necessary to bypass the authentication, the attackers were able to automate the attack by using emulators. Since the actual purpose of an emulator is to mimic the behavior of a mobile device, the attackers scripted the attack and fed the login data to the mBanking app. And that is, in short, how US and EU banks lost millions in a matter of days.
ASEE developed a mobile app security solution capable of detecting and preventing real-time attacks – App Protector. By covering a multitude of mobile application threats, including emulators, App Protector is a security powerhouse capable of safeguarding your application and its users.
In case of a detected anomaly within the device or the application, App Protector neutralizes the threat by responding in one out of three ways:
App Protector allows customization of responses when in online mode. Online mode offers an admin portal for customizing the configuration, meaning that the administrator is able to select the preferred response for a specific type of detected threat. The offline mode of App Protector comes with a hardcoded configuration where such customization is not available.
It is important to note that the integration of App Protector with your mobile application does not affect the look or feel of the app itself. There is no tampering with the design and performance of the app; only a much-needed additional layer of security for you and your end-users.
In case you're curious, feel free to contact us - zero obligation. Our ASEE team will be happy to hear you out.