CIO Influence
CIO Influence News Mobile

Approov Identifies and Addresses Apple Watch Security Issues

Approov Identifies and Addresses Apple Watch Security Issues

New Release Fortifies Mobile App Security with WatchOS Support, Global Presence, and Enhanced User Experience

Approov, the leader in mobile security, revealed new data indicating that watches, wearables and new devices are now the weakest link in the mobile app threat landscape.

You are as strong as your weakest link. Handling mobile app security is worthless if an attacker finds a path from a wearable to your APIs and exposes you to potential data loss, malware injection, Man-in-the-Middle attacks, credential stuffing, DDoS, etc.

Key findings include:

  • Watches and other wearables now communicate directly with backend APIs and services.
  • An Apple Watch “zero-day” vulnerability was uncovered in September 2023.
  • Unless protected, watches and wearables will become a rich attack vector for hackers.
  • Approov extends its mobile RASP to Watch OS to prevent exploitation of any new zero-day vulnerabilities.

CIO INFLUENCE News: o9 Solutions Empowers Barilla With Integrated Planning Capabilities

Apple and MIT recently published a study indicating that 2.6 billion personal records were exposed through data breaches over the last two years. These findings underscore the need for protecting data in the cloud through mobile attestations and improved API security.

Approov, a trailblazer in mobile app and API security, addresses this threat directly with Release 3.2. The release introduces groundbreaking features, including the first commercially available App Attestation Solution for Apple WatchOS to provide API Protection against emerging threats.

PREDICTIONS SERIES 2024 - CIO Influence

The release also includes Harmony OS support and deployment of extended global Points of Presence (PoPs), and improved ease of deployment and administration.

Approov’s Runtime Application Self Protection (RASP) defenses are also strengthened by extending threat detections to include the latest versions of tools used by hackers to attack apps and APIs.

“The newly released Apple Watch Series 9 and Ultra 2 will certainly be the gift of choice this Christmas. However, as watches and wearables proliferate and communicate directly with backend APIs, attack surfaces are exposed on these devices,” said Approov CEO Ted Miracco. “You are as strong as your weakest link and taking care of mobile app security is worthless if an attacker finds a path from a wearable to your APIs and exposes you to potential data loss, malware injection, Man-in-the-Middle attacks, credential stuffing or DDoS attacks.”

The danger is real: In September, Citizen Lab found an actively exploited zero-click Apple vulnerability which was used to deliver NSO Group’s Pegasus mercenary spyware. Apple acknowledged the threat to all their devices, issuing a specific WatchOS Security briefing on November 9 concerning a vulnerability in Apple Wallet on WatchOS. Apple quickly released a fix but acknowledged that “A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited”.

Approov now extends all the protections available on mobile apps to WatchOS. Approov support of WatchOS allows direct registration of WatchOS apps and ensures API protection against malicious traffic that is communicating directly from the watch to the cloud. WatchOS support is added to the existing support for Android Wearable Devices (which has been available since Version 3.0)

Approov Adds Huawei HarmonyOS Support: A Global Imperative

As a widely adopted operating system in regions such as China, India, the Middle East, and Africa, HarmonyOS plays a crucial role in the global mobile ecosystem. Recognizing the prevalence of this platform, Approov now ensures that mobile applications operating on Huawei devices are seamlessly integrated into our attestation services.

Approov attestation services traditionally supported Android and iOS devices, but the inclusion of Huawei HarmonyOS significantly broadens our platform coverage. This expansion is vital to offering a truly global solution, as any unattested mobile application poses a potential risk to API security, regardless of its geographical origin.

In collaboration with Cylab-Africa, Approov reinforces its commitment to a global solution for mobile app security. Version 3.2 extends support for Huawei app store deployments, catering to developers worldwide.

CIO INFLUENCE News: Reltio Achieves Select-Tier Partner Status with Snowflake

Enhanced High-Performance Worldwide Coverage

Approov expands its global network with new Points of Presence in São Paulo, Brazil and Singapore. These additions, coupled with existing points of presence (PoPs) in Europe (Dublin) and North America (California), create a worldwide low-latency mobile attestation network.

“At Approov, we understand that our global customer base requires the highest-performing mobile attestation network. Our expanding customer base in South America and the Asia Pacific region demands not just security but performance. Our commitment to providing superior security solutions wherever our customers operate is essential to protection against an evolving mobile threat landscape.” – Theodore A. Miracco, CEO, Approov Inc.

This move bolsters Approov’s commitment to achieving new levels of security by mitigating bot attacks, Man-in-the-Middle (MitM) attacks, account takeover (ATO) and other threats to mobile APIs, thus ensuring optimal performance and reducing fraud and data breaches.

New Threats are Addressed

The new release also boosts Approov’s RASP feature set to include new countermeasures against emerging and evolving threats. This includes significant hardening improvements to the SDK, including static and dynamic anti-tamper measures. Additionally, Approov’s ThreatLabs have developed further Android based detections for DobbyHook, Magisk, Zygisk, and Zygisk-Frida to fortify defenses against these advanced hacker tools. These changes augment the comprehensive suite of detections that are already implemented. In addition, the dynamic security-policy update facility will be used to improve the detection capabilities of existing deployed apps that currently use Approov’s previous SDKs.

Increased Ease of Use for DevOps/Developers

Approov continues to focus on easing the security burden for developers, DevOps and DevSecOps teams. New features simplify app registration and management, providing an automated and streamlined integration experience. The elimination of the need for individual app registrations and the introduction of tools for managing different app versions reduce complexity. Approov also enhances the registration of developer devices for testing, ensuring a secure and efficient device farm testing process.

Approov Mobile App and API Security Software Release 3.2 reaffirms the Company’s commitment to continued innovation in order to ensure there are no weak links for its customers.

CIO INFLUENCE News: Anuta Networks Unveils Its AI-Powered Virtual Assistant That is Poised to Transform Network Automation

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Citadel Securities and Google Cloud Announce High-Performance Computing Study with Harvard University to Advance Heart Disease Research

PR Newswire

disguise Announces Collaboration with NVIDIA

Business Wire

Zerto Joins AWS ISV Workload Migration Partner Program to Accelerate Adoption of its Cloud Data Management and Protection Solutions