As digital transformation continues to gain momentum, Application Programming Interfaces (APIs) have become a critical part of software development, particularly when it comes to introducing new and innovative features to the mobile apps we use most often. However, this increased reliance on APIs has also opened up more attack vectors for malicious hackers to exploit.
Mobile apps are connected to a variety of APIs, each of which presents a potential opportunity for hackers to access sensitive information such as encryption keys, digital certificates, and user credentials. I recently discussed this issue with Ted Miracco, CEO of Approov, at the RSA Conference 2023. He also spoke about how hackers can use ‘man-in-the-middle’ attacks during a mobile app’s runtime to manipulate the communication channel between the app and the backend API.
To illustrate the seriousness of this issue, Approov conducted a study of 650 financial services mobile apps from institutions across Europe and the US. The results were shocking: the researchers discovered that 95 percent of the apps were vulnerable, with ‘high value’ secrets accessible in 25 percent of them.
It is clear that API security needs to be improved if the risk of attack is to be reduced. Until next-generation solutions become more widespread, it is important to be aware of the potential threats posed by APIs. I will continue to monitor the situation and report any developments.
Source: Thelastwatchdogs
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.