
An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking, thanks to inconsistencies between app and server logic in web APIs. This potentially affects the privacy and security of tens of millions of business users and consumers globally.
The root of the threat lies in the inconsistencies that are often found between app and server logic in web API implementations for mobile apps. Researchers at Texas A&M University created the WARDroid framework to crawl applications and automatically carry out reconnaissance, using static analysis to uncover these kinds of inconsistencies along with the kinds of HTTP requests the server accepts. Once an attacker has the information on what these requests look like, he or she can carry out their own actions by tweaking a few parameters.
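The inconsistency described above can be checked from the defender's side against one's own API. The following is an added example, not WARDroid code or code from the researchers: the order request, field names and both server handlers are constructed and hypothetical, and the check reports which app-side rules a server fails to re-apply.

```python
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Constraint:
    """A rule the mobile app enforces before it sends a request."""
    field: str
    check: Callable[[Any], bool]
    violating_value: Any  # a value the app's own logic would never submit

# Constructed app-side rules for a hypothetical order endpoint.
APP_CONSTRAINTS = [
    Constraint("quantity", lambda v: isinstance(v, int) and 1 <= v <= 10, 0),
    Constraint("unit_price", lambda v: v == 999, 1),  # price is fixed in the app
    Constraint("currency", lambda v: v == "USD", "XXX"),
]

# Constructed request that satisfies every app-side rule.
VALID_REQUEST = {"quantity": 2, "unit_price": 999, "currency": "USD"}

def weak_server(req: dict) -> bool:
    """Hypothetical handler that trusts the app: only checks field presence."""
    return all(key in req for key in VALID_REQUEST)

def strict_server(req: dict) -> bool:
    """Hypothetical handler that re-applies every app-side rule itself."""
    return weak_server(req) and all(
        c.check(req[c.field]) for c in APP_CONSTRAINTS
    )

def find_inconsistencies(server: Callable[[dict], bool]) -> list:
    """Return fields where the server accepts a value the app would reject."""
    gaps = []
    for c in APP_CONSTRAINTS:
        # Change one field at a time so each gap maps to a single rule.
        probe = dict(VALID_REQUEST, **{c.field: c.violating_value})
        if server(probe):
            gaps.append(c.field)
    return gaps

if __name__ == "__main__":
    print("weak server gaps:  ", find_inconsistencies(weak_server))
    print("strict server gaps:", find_inconsistencies(strict_server))
```

Run as a regression test, a non-empty result means the server accepts input that only the app was validating.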
For more details:
https://threatpost.com/wardroid-uncovers-mobile-threats-to-millions-of-users-worldwide/132525/