Serious Android Flaw Identified, i-Sprint found that most of the popular apps in APAC are vulnerable

YESsafe AppProtect+ protects Android Apps against StrandHogg and other attacks

SINGAPORE - Media OutReach - 3 December 2019 - StrandHogg, a serious Android flaw, has been reported by BBC News and i-Sprint has found that most of the popular Android Apps in APAC are also vulnerable. StrandHogg can be very damaging and costly to Android users.

According to a recent BBC News report, Promon, a Norwegian app security company, identified a serious Android flaw following an attack on several customer bank accounts and detected a vulnerability in the Android system. Promon named it StrandHogg. It allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. Promon scanned the top 500 popular mobile apps in the world, and they are vulnerable to StrandHogg.

StrandHogg is unique because it can be exploited on any Android device with or without root access, and it affects all versions of Android, including Android 10. It takes advantage of a weakness in Android's multitasking system that allows malicious apps to masquerade as any other app on the device. The exploit is based on an Android control setting called 'taskAffinity', which allows any app, including malicious ones, to freely assume any identity they desire in the multitasking system.

i-Sprint has also done its own investigation by sampling 100 popular Android Apps across APAC and found that all of them are susceptible to this vulnerability. The consequences of malware exploiting this vulnerability include theft of usernames and passwords, draining of bank accounts, tracking of the victim's movements and location, theft of private SMS messages and photos, access to the victim's contact list and phone logs, and spying through the phone's camera and microphone.

i-Sprint's product, YESsafe AppProtect+, is a Runtime Application Self-Protection (RASP) solution that helps companies protect their iOS and Android apps by blocking attacks in real time. AppProtect+ proactively protects mobile apps against various risks and attacks. It can prevent passive attacks (like reverse engineering, repackaging and source code modification), and respond by taking necessary measures if real-time attacks are detected while the app is running. Mobile apps protected by the solution can also run securely even on a highly infected mobile device.

Albert Ching, CTO of i-Sprint, said, "Our latest version has introduced a new feature for the protection of task hijacking as reported in StrandHogg. Therefore, our existing customers are equipped with the necessary protection tool even before the announcement of the StrandHogg vulnerability. We will continue to deliver new security features to help our customers to secure and protect their mobile apps against various attacks."

Dutch Ng, CEO of i-Sprint, said, "As people are spending more time using their mobile devices to browse content, online shopping, transaction, etc., cyberattack cases targeting smartphone devices are also increasing. Companies need to be more alert and diligent in ensuring their apps will not be the next victim of such vulnerability."

i-Sprint is currently providing a free assessment to organizations that want to find out whether their app is susceptible to the StrandHogg vulnerability. Interested companies can visit www.i-sprint.com/solutions/strandhogg to participate in the free assessment.

Be proactive, be safe, secure your company app with YESsafe AppProtect+.

For enquiries, please email i-Sprint at [email protected].

About i-Sprint Innovations

i-Sprint Innovations (i-Sprint) is a leading provider in securing identity and transactions in the cyber world. i-Sprint's unique brand of products, intellectual properties, and patents are designed to meet the security business requirements of enterprises in industries that are security sensitive, require channel monitoring and quality data for better user management.

Our products include adaptive authentication (biometrics, multi-factor authentication etc.), single sign-on services, end-to-end encryption (E2EE) authentication, data protection for transaction data and to secure access to the web, mobile, and cloud-based applications, and product identity for track and trace.

i-Sprint's clients include leading FSI, government, telecommunications, public utilities, manufacturing, healthcare, education, MNC and others.