DDoS Attack on Mobile Apps - Are They Real and How to Be Safe

Increase in DDoS attacks was one of the popular cybersecurity predictions last year. With the growth of the sharing economy, we've definitely seen an increase in the number as well as damage caused. In fact, we've got a lot of our customers asking if DDoS attacks on mobile apps are possible. The short answer is definitely yes. But this post is to understand how these attacks on mobile apps work and how you can be safe.

Let's start with some basics.


What is a DDoS Attack?

Distributed Denial of Service attack is a type of cyber attack where multiple computers or devices usually infected with malware act as a network of bots and attack a server to make it unusable.


What do DDoS Attacks on Mobile Apps Look Like?

Mobile apps, in general, are a threat to these dreaded  attacks. In fact, mobile apps have been used to control mobile devices that are used to perform such attacks as well.

One of the reasons why mobile apps are susceptible to these attacks is because it is easy for an attacker to profile the user itself and that tremendously increases the probability to be able to perform DDoS attacks on mobile apps in a successful manner.

Many social and sharing apps like Facebook, Linkedin, Instagram, Uber, Ola, Airbnb, etc. are all susceptible to such attacks because it is easier to profile individual users through their mobile devices. Another thing about mobile apps is that more often than not they aren't very well secured.

We've done detailed studies on security issues in banking apps as well as security issues in e-commerce apps and have found more than 80% of apps in both cases to be weak in security. Remember, all these apps have transactions and money involved and the expectation for security is way higher.

So how does a DDoS attack on mobile apps look like?

Well, if we take a really simple example then imagine someone built an app and put it on the mobile app store and you as a user downloaded this app. This app itself can either expose you to a DDoS attack or open up some new security loopholes on your mobile device so that it can be used for such an attack on some other server.

This basically means the attacker has control on your device via the app that they built and you downloaded. This way, you can either be a victim of a DDoS attack or a source. Neither is a good sign.

DDoS attacks cause a lot of direct damage especially to companies since it blocks web traffic leading to reduced revenue, and also adds to a high cost in terms of remediation. Additionally, there's always the threat of losing the customer's trust which you've built over the years.

Numerous Apps Used to Launch DDoS Attack from Play Store

The WireX botnet (a collection of internet-connected devices) recently cause havoc around a world and disrupted many popular services. This was one of the first and biggest DDoS attacks on Android systems. This botnet was hidden within some 300 apps which were available officially on the Google Play Store.

When users installed the app, WireX added individual mobile devices into a larger network which was then used to send junk traffic to certain websites in the effort to bring them down and make them unusable.

Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps—offering video players and ringtones, among other features—were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks.

Another large attack that caught everyone's attention last year was the Mirai botnet, which crippled the Internet and brought down sites such as Amazon, Github, PayPal, Reddit, and Twitter.

Related Topic- Man in the Middle Attack ( MITM ) on Mobile Applications





Features of DDoS Attacks on Mobile Apps

Some of the common features of DDoS attacks involving mobile devices and mobile apps are as follows: 

  • Most of these attacks involve both Android (60 per cent) and iOS (40 per cent) devices almost equally. 

  • Attackers generally initiate attacks with a large number of mobile devices. In a typical attack, the number of mobile devices may reach half a million and the number of requests per second (QPS) can reach up to millions. Moreover, it's difficult to track their IP address as well.

  • Attackers generally use source IP addresses which are widely distributed across hundreds of countries all over the world. 

  • It has been observed that the DDoS attacks involving mobile apps use cellular base stations as their gateway IP addresses. These stations handle both user traffic as well as attack traffic. 

In typical DDoS attacks, the attack duration and the attack frequency of the attack source IP address vary according to the target mobile app and device configuration. 


How are Attacks Involving Malicious Apps Initiated by Hackers?

Hackers follow a series of steps in order to initiate DDoS attacks involving malicious apps.

  • At first, WebView is embedded by hackers into apps and the central control link is requested. The link redirects to a page which is embedded with JavaScript files in order to obtain JSON instructions.

  • In case no attack is initiated, the JSON instruction reads - {"message": "no data", "code": 404}. The instructions are read periodically by pushing the JavaScript files into a continuous loop. 

  • When attack-type instructions are passed, the JavaScript files exit the continuous loop and JSON instructions are parsed. The JSON instructions carry all the necessary details which are required for the attack like the packet content, header, request method, target URL and also specifies parameters like attack start time, attack end time, frequency of attack and so on.  

  • After this, WebView finds out the operating system of the devices using UserAgent. Later, WebView triggers loading of Java code into a malicious app using different functions for different device types. Subsequently, based on the JSON instructions, an attack is initiated.

Once these techniques are followed and once the users install such fraudulent apps, hackers could successfully initiate DDoS attacks targeted at desired institutions and businesses. Using deceptive ads, the owners of these malicious apps attract users to install these apps.

These fraudulent apps can not only control mobile devices for initiating DDoS attacks but also access sensitive user data like location, bank accounts, contacts and whatnot. All of this can also result in identity theft and telecommunication fraud. 




How to Prevent DDoS Attacks on Mobile Apps

So, what can you do to win the battle against these attacks? These rules apply to all mobile users, irrespective of whether it is for personal or enterprise use. Needless to say, it's even more important for enterprises because of the impact of the damage these attacks can cause.

Think Twice, Always: 

Sometimes an app might sound like it's too good to be true. It's always good to look at it with some skepticism. Before you go ahead and download the app, make sure you read some reviews, check the ratings and even do a quick Google Search to know if there's some history with this app that might be troubling.

Stay Updated: 

Always ensure your mobile operating system, as well as the apps on it, are regularly updated. Manufacturers, as well as platforms and app developers, work with security companies to identify security issues and push critical updates that solve these security bugs. You won't benefit unless you update the app.

Choose Wisely:

Always search a little more for the apps that you need for a particular purpose. If you see an app with bad reviews and ratings, a deeper search can help you find other apps with the same purpose but better.

Perform Security Audits: 

Try to establish different layers of security in your perimeter. As an enterprise, you can take advantage of the variety of sophisticated mobile app security solution providers to help with your security needs. As an individual user as well, ensure you have anti-malware apps on your mobile devices to help you detect any abnormalities.

With the vast amount of data flowing through the sharing economy, these apps are without a doubt a prime target for attackers - sometimes for ransom and sometimes just to disrupt services or exploit personal data of millions of users.

Make sure you are aware of all the security risks. Ensure the same awareness for your employees as well as customers.

How can we Cope Up with These Attacks?

It becomes really difficult to defend the security systems when a massive number of mobile devices become sources of DDoS attacks.

Following traditional methods like blacklisting and rate-limiting doesn’t help and organizations have to come up with more innovative methods of security. Some of the measures which can help mitigate these threats are: 

  • Identification techniques of attack traffic must be extended. Each server request should be tested in real-time on a multi-dimensional testing platform.
  • Steps must be taken to filter out attack traffic by organically combining various dimensions like intelligent identification techniques, imposing fines and making the control unit more flexible. 

  • In order to reduce the impact on business and improve the speed of response, organizations must replace artificial troubleshooting with other techniques like machine intelligence. 
Published on Jun 21, 2018
Harshit Agarwal
Written by Harshit Agarwal
Harshit Agarwal is co-founder and CEO of Appknox, a mobile security suite that helps Enterprises and Financial institutions to automate mobile security. Over the last 6 years, Harshit has worked with over 300+ businesses ranging from top financial institutions to Fortune 500 companies to set up security practices helping organisations secure their mobile applications and speed up the time for security testing.


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now