Software Monetization

Defending Mobile Financial Applications from Attack

Mobile Banking

When a bank's server encrypts data and sends it to a mobile application (that has a key to decrypt it), the data is protected in transit, but nothing is protecting the encrypt/decrypt operations themselves. Left unprotected, the attacker can easily extract an unencrypted copy of the data.

More importantly, without advanced protection in place, the attacker can easily extract the encryption key being used, allowing them to decrypt all data that is encrypted with that key. Depending on how the application manages keys, this may allow the attacker to decrypt all past and future data sent by the application and possibly even all data sent by all users of the application.

In order to prevent this type of scenario, cryptographic operations need to be protected from attackers that have access to the device. Note that the attacker does not necessarily need to physically access the device, nor do they need to manually attack each device individually. They simply need to be able to execute code on the device, so this kind of attack can be (and has been) deployed against huge numbers of devices through malware.

White-Box Cryptography

Mobile Banking

White-Box Cryptography is a software solution to this problem that aims to allow the same type of protection offered by hardware cryptography to be used on all devices and, being a software solution, provides several advantages over hardware solutions, including greater flexibility (developers have more choice of cryptographic algorithms to use and can switch between them) and simplicity (a single solution works across all devices, no need to interface with hardware).

White-Box Works is a new, unique solution for adding White-Box Cryptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.

We look forward to hearing from you

Please reach out and let us know how we can help with your software security.