First Post-build Injectable Detection and Defense - Requires no Programing
DashO now offers the first fully injectable debugger defense feature set (no coding required – the behaviors are injected just prior to obfuscation).
The Threats are Real and Immediate
Hackers use Debuggers to:
- Read data from your application (bypassing encryption and other techniques used during transmission and/or storage),
- Insert and modify data inside your application (subverting behavior and corrupting system integrity)
- Interrupt the flow of your application (circumventing all levels of control and governance)
- Trace logic and the flow of your application (exposing intellectual property for reuse and exploitation)
- Bypass entire blocks of application logic (voiding authorization and access controls)
Using these techniques, a hacker can gain access to systems and data far beyond any one application. A hacker can view encryption functions and the values of dynamic keys and observe when and how sensitive information is saved to your file systems and databases.
How easy is the debugger exploit?
Here’s a 3rd party blog showing how easy it is to attack your Android apps: Attacking Android Applications With Debuggers.
For the first time, developers can inject the following behaviors into your Java/Android applications (no coding required)
- Auto-detection that your production code is authorized for debugging and/or attached to a debugger
- Real-time defense behaviors including immediate exit, random exception generation or custom logic that can change application behavior and/or modify any/all data accessible to the application
- Real-time alerts to an endpoint of your choosing that can include both application-specific and custom data to better identify and mitigate any potential threat.
How much does this new capability cost?
This functionality is bundled into the standard DashO obfuscation license at no additional expense. If you are already a licensed DashO client with sufficient installations and users, there are no additional fees.