Describe what are applications
Nowadays, many of us talk about applications even in our most casual conversations. But do we really know what an application is? To better understand how applications can become attack vectors for cybercriminals, we’ll first need to identify what they know about us.
What is software?
Software is a collection or set of commands in the form of code that instructs a computer or device to do some form of work. Software runs on top of the hardware (physical components) of a device. Broadly speaking, software comes in two types:
- System software
- Application software
System software
System software is the first thing that runs when you turn on your device, and it manages the different components that make the device work. It also creates a framework that enables applications to run properly and mitigates problems when they stop working.
System software can be characterized by the following:
- It controls or facilitates the hardware and processes of a system such as the keyboard, mouse, network, and video.
- It can run independently.
- It typically runs in the background.
For example, your computer’s operating system and utilities, like the antivirus and firewall, are all system software.
System software is a large and complex area, and is well outside the scope of this unit. But it’s worth noting that system software can also be the target of cybercriminal attacks.
Application software
Application software, also known as applications, is designed with a specific purpose. Examples include word processing, spreadsheets, email, and instant messaging, to name a few. These applications are designed to work on specific instances of system software, and the majority are available for the most popular systems.
Application software can be characterized by the following:
- Doing specialized work, such as word processing, video editing, and messaging.
- Designed for the user to interact with directly.
- Typically, it doesn’t run independently and needs system software.
- It needs to be installed by a user.
Word processors, email apps, internet browsers, and image editors are all examples of application software. More than ever, we’re using application software to do all sorts of things, so applications now come in all shapes and sizes. Applications can run on all types of devices, such as desktops, mobiles, and appliances. For example, games are applications that can run on desktops, mobile devices, and even smart televisions.
Applications are also becoming proactive and intelligent. For instance, the map application on your mobile phone could be tracking your location to provide real-time traffic information, even if you’re not interacting with it. Apps on your devices are collecting important data about you, like your location, how long you stay at a given place, your browser search history, and more.
Typically, the information collected is shared with other apps. For example, your browser search history is often shared with social media sites, so they can provide targeted advertisements based on that information.
Because applications are so intertwined with our daily lives, and run on all sorts of devices, they’ve become the key to information about us. Cybercriminals are aware of this, and will attempt to compromise applications to get their hands on our information.
Describe the threat landscape of applications
Applications are widely available and used for just about anything, from home and personal use, to work and school. They’re a fundamental part of our daily life. They empower us by making difficult things easier. At the same time, applications actively collect and hold vast amounts of data about what we do, who our friends are, where we’ve been, what we spend our money on, what our hobbies are, and much more. Cybercriminals are fully aware of how much data is held and accessed by these applications and will look for any weaknesses they can exploit.
Protecting our data, whether you’re an individual or a big corporation, is essential. Understanding how applications can be compromised, and where these threats come from, will improve your application security and the confidentiality of any stored or accessed data.
Applications from untrustworthy origins
Downloading applications to your device, be that a computer, smartphone, or tablet, has become easier. The majority of us use the larger well-established application stores. Some of these will verify the authenticity of the applications before they list them, and prohibit certain types from being sold through their platform.
There are, however, other places where you can download applications. There’s little or no restriction on the apps available and minimal verification on their authenticity. Not every app on these stores is bad. However, a cybercriminal can create and package source code, and give it the name of a legitimate application that users might be familiar with. They then upload it to a hosting site alongside legitimate applications.
If you install or run applications from untrustworthy sources, you could become the victim of a cyberattack.
Applications with inherent vulnerabilities
While application developers strive to ensure their apps are secure, it’s impossible to guarantee 100 percent protection. Cybercriminals will look for any vulnerability they can exploit. There are many different types of application vulnerabilities—open source and zero day are two of the more common ones.
Open-source vulnerabilities
Software developers will often create libraries of common functions to solve a specific problem. Everyone can access open-source libraries, and the source code is usually freely available. When an application developer wants to solve a specific problem, they’ll check to see if there’s an open-source solution first.
One of the benefits of open source is that issues and vulnerabilities are publicly identified and fixed. However, these libraries are also available to cybercriminals who will look for ways to take advantage. Developers need to stay current on the latest version of any open-source libraries they’ve used as components in their applications, to avoid cyberattacks.
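One way to check that the open-source components an application uses are at or past the version that fixed a known issue. This is an added example, not part of the original page; the package names, the advisory table, and the pin file are all constructed, and the `name==version` pin format is an assumption.

```python
import re

# Constructed advisory table: package -> first version that contains the fix.
ADVISORIES = {"imagelib": "2.4.1", "netparse": "1.10.0"}

# Constructed pin file.
SAMPLE_PINS = """\
# application dependencies
imagelib==2.4.1
netparse==1.9.12
yamlkit>=3.0
textfmt==0.8.2
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)$")

def older(installed, fixed):
    """True if 'installed' is numerically lower than 'fixed'.
    Comparing as text would wrongly rank 1.9.12 above 1.10.0."""
    a = [int(p) for p in installed.split(".")]
    b = [int(p) for p in fixed.split(".")]
    width = max(len(a), len(b))          # pad so 2.4 equals 2.4.0
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a < b

def check_pins(text, advisories=ADVISORIES):
    """Return (entry, status) for every dependency line in the pin file."""
    results = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN_RE.match(line)
        if not match:
            # A range or bare name cannot be checked against a fixed version.
            results.append((line, "unpinned"))
            continue
        name, version = match.group(1).lower(), match.group(2)
        fixed = advisories.get(name)
        if fixed is None:
            results.append((name, "no-advisory"))
        elif older(version, fixed):
            results.append((name, "vulnerable"))
        else:
            results.append((name, "patched"))
    return results

if __name__ == "__main__":
    for entry, status in check_pins(SAMPLE_PINS):
        print(f"{entry:20} {status}")
```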
Zero-day vulnerabilities
Cybercriminals conduct detailed reconnaissance of applications, searching the code for flaws they might exploit. Any flaw that’s previously unknown to the application owner and left unpatched is considered a zero-day vulnerability. When a cybercriminal finds a zero-day vulnerability, they won’t publicize it. Instead, they’ll take full advantage. For example, a cybercriminal might have noticed that a banking app has a zero-day vulnerability, and used this to quietly steal information and money from application users. The zero-day name stems from the number of days a developer has from when a vulnerability is identified to when a fix is available—that’s zero days.
Browser-based threats
Browsers may be our gateway to the internet, but they’re also applications. That’s why most threats that you’ll come across manifest themselves through browser activity. Here are two of the more common browser-based threats:
Cookie-based attacks
You may have heard about cookies, but do you really know what they are? A cookie is a simple plaintext file that contains small bits of data—your user credentials, the last search you made, the last item you purchased, and so on. The purpose of cookies is to enhance your browser experience and make surfing easier, by removing the need to continuously log in to the site.
One common type of cookie attack is a session replay. If the cybercriminal can intercept or eavesdrop on your communications, they’re able to steal the cookie data, and your login data, then use it to access the website posing as you.
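A defender's check for the cookie settings that make the interception described above easier: it audits `Set-Cookie` headers for a missing `Secure` or `HttpOnly` attribute and for long lifetimes. This is an added example, not part of the original page; the header values are constructed and the one-hour lifetime limit is an assumed policy.

```python
# Added example: audit Set-Cookie headers for settings that make a stolen
# cookie easier to capture or replay. All header values are constructed.

MAX_SESSION_SECONDS = 3600  # assumed policy limit for a session cookie

SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly; Max-Age=900",
    "session_id=abc123; Path=/",
    "remember_me=tok456; Path=/; Secure; HttpOnly; Max-Age=31536000",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header, max_age=MAX_SESSION_SECONDS):
    """Return (cookie name, [finding codes]) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # where anyone eavesdropping on the connection can read it.
        findings.append("no-secure")
    if "httponly" not in attrs:
        # Without HttpOnly, script running in the page can read the cookie.
        findings.append("no-httponly")
    lifetime = attrs.get("max-age", "")
    if lifetime.isdigit() and int(lifetime) > max_age:
        # A long-lived cookie stays replayable for longer if it is stolen.
        findings.append("long-lived")
    return name, findings

def audit_all(headers):
    """Audit every header and keep the results in input order."""
    return [audit_cookie(h) for h in headers]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS):
        print(name, findings or "ok")
```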
Typosquatting
Typosquatting is a type of browser-based attack where a cybercriminal obtains deliberately misspelled domain names. These names are based on popular websites, and the cybercriminal uses them to host their own malicious code, disguised as the legitimate website. Users might then mistake the malicious website for the legitimate one they wanted to visit. If a user enters any personal information or follows instructions on the website, they’ve become victims of a cyberattack.
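On the detection side, domain names seen in proxy or DNS logs can be compared with the names an organization wants to protect, flagging any that are one typing mistake away. This is an added example, not part of the original page; the protected and observed names are constructed (using the reserved `.example` suffix) and the distance threshold of 1 is an assumption.

```python
# Added example: flag observed domains that look like misspellings of
# protected ones. All names below are constructed sample data.

PROTECTED = ["contoso-bank.example", "fabrikam-mail.example"]

SAMPLE_OBSERVED = [
    "www.contoso-bank.example",   # the legitimate site
    "contso-bank.example",        # dropped letter
    "contoso-bnak.example",       # two adjacent letters swapped
    "fabrikan-mail.example",      # one letter replaced
    "intranet.example",           # unrelated
]

def osa_distance(a, b):
    """Optimal string alignment distance: an insert, delete, substitution,
    or swap of two adjacent characters each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)   # adjacent swap
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def normalize(host):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def find_lookalikes(observed, protected=PROTECTED, max_distance=1):
    """Return (observed, protected, distance) for near-miss names.
    Exact matches are the legitimate site and are skipped."""
    legit_names = sorted({normalize(p) for p in protected})
    hits = []
    for raw in observed:
        name = normalize(raw)
        if name in legit_names:
            continue
        for legit in legit_names:
            distance = osa_distance(name, legit)
            if distance <= max_distance:
                hits.append((name, legit, distance))
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_OBSERVED):
        print("possible typosquat: %s resembles %s (distance %d)" % hit)
```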
Describe how to protect your applications
In the modern world we’re always connected, and applications have become central to how we engage with it. Whether you’re talking to friends or colleagues, shopping or banking—applications make all this possible. All reputable application and software developers aim to build robust and hardened products that deliver the functionality we need, and the security to keep cybercriminals at bay. A hardened application is one where the developer has tested it against all the latest cyberattacks before making it available to download. Software developers will offer patches and upgrades to ensure that your user experience is the best and safest it can be.
But cybercriminals are unrelenting in their desire to obtain your data, and will look to exploit any weakness or vulnerability. There are a few things that you can do, either as an individual or an enterprise organization, to protect the apps that you use.
Patching promptly
Operating systems and most mainstream applications—for example, word processors and music apps—will issue updates or patches. Some of these offer improvements in functionality, but the majority will be to patch a known security weakness or vulnerability in the software, or to improve the application’s security. Cybercriminals and hackers will focus on these applications looking for exploitable vulnerabilities. When one is identified, they’ll move quickly to write malicious code. If successful, this malware can take control of the application or intercept data being accessed by it, until the next patch is released, and the cycle starts over again.
As part of a robust security process or policy, you should ensure all applications used on your device have the latest patches or updates.
Application configuration
Most applications are developed with a balance of security and usability in mind. All applications come with a default configuration designed for optimal usage and to allow as much access as possible. Some might have a default user account—admin, for example—with a standard default password.
Cybercriminals are quick to identify these vulnerabilities, and exploit them by using default settings to access your applications. It’s vitally important that you check your application configuration settings and, where possible, change the passwords on default accounts and settings. This small step can often thwart an attacker and improve the confidentiality of your data, and the integrity of your application.
Privacy settings
Every activity that you carry out, from using an instant messaging application to just using your browser, is tracked and recorded. A small part of this is so developers can improve the application. However, the majority of data collected is used by advertisers to offer targeted content based on the things you’re looking at, or doing.
All applications give you a degree of control over what data is collected by providing privacy settings—these vary with each application. For example, a map application may have privacy settings that prevent it from recording the routes you’ve used. A shopping application can be told not to remember the items that you were browsing.
It’s good practice to locate the privacy settings and tailor them to what you want.
Cookies
Browsers use cookies to hold details about what you were doing on a specific website—from the last thing you searched for, to passwords or other personal data. Some measures have been introduced to try to limit the amount of data that’s retained in cookies and on the website. A cybercriminal could exploit your browser and access these cookies to gain information and data.
Every browser offers the ability to clean up unused cookies or to remove all of them from your browser. It’s good practice to periodically do a clean-up of cookies. However, there’s another way to manage your cookies by using the private browsing window in your browser. You may have seen them as incognito or privacy windows. This offers a higher level of security, to let you browse with more confidence. When you close the browser window, all cookies and any history are automatically deleted.
Using verified applications
Just a few years ago, the only way to get an application was to buy it from a shop, take the box home and use the CD-ROM to install it on your computer. For all its antiquated aspects, this was by far the safest way to obtain and then use software. The internet has made the world a smaller place, and you can now obtain applications from the comfort of your chosen device without leaving home. There’s a huge choice of online shops offering the best opportunity for you to find the app you’re looking for. But for every genuine shop selling an app, there’s likely to be another offering a cheaper version, which might contain some unwanted additions.
A cybercriminal might copy the latest or bestselling app and hack it to include malware. Then they can make it available through a store, selling it cheaper than anywhere else. We all like a bargain, especially if it means getting the latest app at a fraction of the price. The compromised app might well behave exactly as the genuine one, but underneath the hood the cybercriminal can search your device for personal or sensitive data. This can then be extracted and used for their own purposes.
As a matter of good practice, you should always download your apps from verified and trusted stores.