Research

To stay ahead of emerging threats, we have to understand the methodology of current attacks and the tools and technologies being used to attack software. Arxan has a dedicated team of researchers that has the depth of knowledge and experience to stay ahead of the attackers.

We focus on:

  • Identifying the mechanisms of attack against Apps
  • Creating unique defense and detection algorithms against attacks
  • Prototyping next-generation protection products
  • Ensuring that our current products can withstand real-world attack

Additionally, we are involved with security conferences and academic consortiums worldwide, giving us bleeding-edge access to the latest developments in the world of information security.

Real Breaches, Real Risks

Below is only a small sample of the breaches, vulnerabilities, and risks that are happening at an accelerated rate.

Network World

Headline: Researchers revealed vulnerabilities in insecure APIs which could allow hackers to remotely control the heating and air conditioning in a Nissan Leaf.
“The vulnerabilities are in the mobile management APIs…If anyone has your VIN, and you use the app, then they too can control those options via a web browser.”

February 24, 2016

cad-logo

Headline: Hackers Can Hack Smartphone Bank Transactions
“The transferring of TAN Numbers on the phone for online banking is apparently much less secure than previously thought… scammers have captured more than one million euros with a chopped TAN number.”

January 4, 2016

USA Today

Headline: FBI said to probe breach of Juniper Networks VPN software
“U.S. officials are investigating a recent breach of Juniper Networks software over concerns the ‘backdoor entry’ allowed a foreign government to tap into communications of the U.S. government.”

December 19, 2015

stack-logo

Headline: Trojanised adware, including newcomer ‘Shuanet’, infects 20,000 recoded Android apps
“A new report from internet security company Lookout has found that over 20,000 Android apps, including ‘recoded’ versions of legitimate apps such as Facebook, are infected with Trojanised adware that roots Android devices, leaving users with little recourse to either get the devices looked at by security specialists or to abandon it completely.”

November 4, 2015

BGR

Headline: Nobody is safe: Major App Store malware breach may affect millions of iPhone users
“A substantial security threat called XcodeGhost managed to fool App Store security and sneak into the App Store inside real App Store apps potentially affecting hundreds of millions of iPhone and iPad users on both stock and jailbroken devices.”

September 21, 2015

Computerworld

Headline: Key Raider — Another iOS malware steals account info and more
“Malicious code surreptitiously included with Cydia apps [has] pilfered account data…disabled some infected phones until users pay a ransom, and…made unauthorized charges against some victims’ accounts.”

September 1, 2015

Security Affairs

Headline: MassVet finds unknown malicious apps in app stores in 10 Seconds
“MassVet analyzed around 1.2 million apps deployed in 33 Android apps stores discovering 127.429 malicious apps, 30.552 are hosted in Google Play.”

Security Intelligence

Headline: Mobile Malware Threats in 2015: Fraudsters Are Still Two Steps Ahead
“Fraudsters have all the tools they need to effectively turn mobile malware threats into one of the biggest security problems we’ve ever seen. As security measures lag and infection rates rise, cybercriminals use an increasingly wide array of schemes to monetize mobile malware.”

July 13, 2015

SecurityWeek

Headline: Flaws in OS X, iOS Allow Malicious Apps to Steal Passwords, Other Data
“In a paper titled “Unauthorized Cross-App Resource Access on MAC OS X and iOS,” researchers demonstrated that cross-app resource access (XARA) attacks are possible on Apple’s operating systems, allowing malicious applications to steal passwords and other sensitive data from other programs.”

June 18, 2015

HealthcareInfoSecurity

Headline: The Risks of Medical Device ‘Hijacking’
“Medical devices, including X-ray equipment, picture archive and communication systems (PACS), and blood gas analyzers, were infected with either ‘common’ or targeted malware. They were then used as gateways into other hospital information systems…”

June 10, 2015

USA Today

Headline: Starbucks Customers’ Mobile Accounts Breached by Thieves
“Some Starbucks customers have had money siphoned out of their Starbucks mobile app by thieves using a clever new attack.”

May 16, 2015

dna

Headline: iOS and Android Targeted by Man-in-the-Middle Attacks
“Attackers are impersonating or bypassing Google and Apple app stores and using social engineering to trick users into downloading unverified apps that install malicious applications such as the Xsser remote access trojan onto a user’s mobile device…Once the malicious bundle has been installed and executed, it gains persistence – preventing the user from deleting it.”

January 1, 2015