Can Mobile Apps Defend Themselves? Yes, Says Bluebox

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Mobile security vendor Bluebox Security emerged from stealth mode last year with its first commercial product, offering a capability called instant app protect. Now the company is going beyond that with a capability that it claims will enable self-defending mobile applications.

The new capabilities aim to secure the data in mobile apps and protect against threats in real-time, explained Bluebox CEO Pamela Kostka. Dynamic application integrity protection ensures that the app is aware of threats against it and can respond to defend itself.

One of the use cases she identified is a mobile gaming company that generates a million dollars a day from in-app purchases. Blue Box's technology helps protect the app against reverse engineering, hackers and users that try to circumvent and manipulate the in-app purchasing functions.

The software has improved analytics and a dashboard that provides visibility into security events, Kostka said.

"So the CISO can get a comprehensive view into the security posture of what's happening in their mobility applications," she said.

The original instant app protect was a wrapper around a mobile application, said Bluebox CTO Jeff Forristal, while the new and evolved approach offers tighter coupling with the application that enables a significantly enhanced threat detection capability.

"A wrapper is great but when you want to know what's in an application, you need more," Forristal said.

Bluebox is not just doing static analysis of code so that common memory errors including use-after-free (UAF) will be discovered. The self defending application will also identify when there is some form of unintended code execution where new code libraries and system processes are being called, Forristal said.

Bluebox has the digital equivalent of a trip wire that notices when something abnormal happens and deviates from the normal process execution, Forristal explained.

The whole system is contextual, so if a new item is found in memory after an unexpected system process fires, that can be cause for suspicion and Bluebox can take action.

Forristal is no stranger to uncovering previously unknown Android vulnerabilities. He is credited with discovering the Android Master Key vulnerability in 2013, and in 2014 he reported the FakeID vulnerability.

"Master Key and FakeID were both born out of research and engineering to understand the foundation that all apps have to build upon," Forristal said. "Like it or not, there are some things the operating system does for you and users just inherit the security - so we challenge whether Google is doing things right."

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.