Prologue
01 Current status of mobile application security
02 Current status of game application security
03 Actual cases of damage regarding mobile applications
04 Problems with regard to existing solutions
Introduction of LIAPP
01 LIAPP is
02 Distinct features of LIAPP
03 LIAPP beyond obfuscation
04 Main functions of LIAPP
05 Advantages to LIAPP
Product details
01 Statistics screen of LIAPP
02 Function comparison table of LIAPP
03 Customer support
04 Projected effects
05 Compliance
Company introduction
01 Company introduction
02 Vision
03 Client companies
Chapter Ⅰ Prologue
Current status of mobile application security
Current status of game application security
Actual cases of damage regarding mobile applications
Problems with regard to existing solutions
Chapter Ⅰ Prologue: Current Status of Mobile Application Security
[Digital Times] ‘Poor Security Level of Major Company Applications’
IBM report… security vulnerabilities of 40% of Fortune 500 companies have been revealed
The greatest weakness of mobile applications is that business data can be exposed to the risk of attack.
http://www.dt.co.kr/contents.html?article_no=2015040302100351800001
Promoting only convenience in a mobile environment while neglecting security could cause a disaster.
Establishing a higher level of security is not a priority for companies, so security has become weak, which makes it easier for hackers to commit cyber crime.
Half of all companies do not allocate a budget for security when they initiate an application, and 40% of the applications of Fortune 500 companies are vulnerable. Only 5.5% of the budget of 34 million dollars invested in the development of mobile applications is spent on strengthening security.
※ IBM-Sponsored Ponemon Institute Study Reveals Alarming State of Mobile Security for Apps
[Security news] Report on ‘Current Status of Mobile Application Security’ published
An increase in hacking into top 100 mobile applications year on year
Poor self-protection capabilities of mobile applications
http://www.boannews.com/media/view.asp?idx=44968
97% of the top 100 paid Android applications were hacked.
80% of the free Android applications were hacked.
95% of the Android financial applications were cracked.
90% of the Android business applications are in danger.
Self-protection capabilities of applications must be placed ahead of the protection for IT infrastructure as a new investment sector.
[Chart: percentage of the top 100 paid applications that were hacked, 100 apps for each OS (Android, iOS); segments: hacked / not hacked]
※ ARXAN - State of Mobile App Security
While G-star Durango was being displayed, we got a request to deal with a problem: the sound system was not working on one of the devices. The staff checked the problem, which turned out to be a failure of the device to recognize a headphone. On the menu, lots of suspicious Chinese applications were installed. The device seemed to be rooted, for they were not removed even after the factory reset.
[Market] Market Size of the Mobile Game is 29,000 billion KRW
Strong Growth of the Mobile Game Market, But Security is a problem
The market size of the mobile game in 2015: 25 billion dollars
Android is superior in the mobile game
[Real Events] ‘Source Code Leakage’ of Mobile Game Applications Launched Without Security Measures
Possibility of Android popular free game application being hacked
Prevention measures on hacking into mobile game applications are required
Security awareness is exceptionally low considering how fast the game market is growing.
87% of the popular free game applications can be decompiled.
Applying a security solution to mobile game applications exposed to the danger of hacking is urgent.
South Korea recorded 137 billion dollars in sales.
The population playing games worldwide is 1.5 billion, which has increased by 20% every year.
The sales volume of South Korea is a quarter of that of Japan or China, but its per-capita spending on mobile games ranks second, following Japan.
Android is superior in OS sales compared to iOS.
Top 100 free game applications: 87% of them can be decompiled
Two years of devotion to a new game went down the drain because of a copied application only two hours after the game had been launched.
The number of client companies which launched a game without a proper security solution jumped.
A hack occurred on a game display device displayed at the 2015 G-STAR event.
The corresponding device was replaced, but there is a possibility of source code leakage for the game, which has not been launched yet.
Prevention measures through security solutions for mobile applications are crucial.
Chapter Ⅰ Prologue: Current Status of Game Application Security
Security for mobile applications is a must, not a choice
Chapter Ⅰ Prologue: Actual Cases Regarding Mobile Applications
Source codes of mobile applications, which are the fundamental core of a program, can be easily discovered.
Mobile applications can be easily copied and illegally distributed through illegal analysis.
Mobile applications exposed to the danger of hacking may leak sensitive information and cause financial damage.
Hackers randomly hack every kind of application, including games, finance and shopping.
Due to short development periods, we lack time to examine and combat all kinds of attacks on mobile applications.
‘A middle schooler hacked a mobile game to take more than KRW 100 million’
An illegal use of other’s name for app card
What are the solutions for preventing hacking over public institutes?
5 billion Android apps exposed to hacking risk
U.S. security agency
Damages by smartphone hacking game to happen in succession
‘A new mobile game’ hacked by group hacker as soon as launched
KB, engages in the leakage of password and security card numbers for online banking
Chapter Ⅰ Prologue: Problems With Regard to Existing Solutions
Existing solutions for mobile applications have changed little from the security structure of PCs
Unlike programs for PCs, the source code of Android applications can be easily discovered and hacked using a simple tool, which means its security is vulnerable to hacking.
Source code leakage: Source codes of mobile applications, which are the fundamental core of a program, can be easily accessed, illegally copied and distributed through simple analysis.
Tampering: Tampering can be easily carried out using various publicly available tools, and existing obfuscation solutions are vulnerable to this practice.
Memory alteration hacking: The security structure applied to PCs is not capable of offering fundamental prevention, and therefore a new solution is required.
Repackaging distribution hacking: A short development period does not give applications the capability to counter the attack, and existing solutions are not enough to prevent repackaging, distribution and hacking.
Chapter Ⅱ Introduction of LIAPP: LIAPP _ Mobile App Protector
LIAPP is a solution optimal for mobile platforms:
Protect: It protects the source code and applications by encoding them.
Prevent hacking: It detects various hacking tools and virtual machines which can pose a serious threat to applications, to fundamentally prevent hacking.
Encryption: It protects important information such as libraries through encryption.
Prevent analysis: It blocks decompiling and debugging to prevent analysis.
Easily and quickly: It can be applied easily and quickly.
LIAPP is a strong application protector designed to be suitable for mobile environments
Chapter Ⅱ Introduction of LIAPP: Distinct features of LIAPP
Activate in 1 click only: LIAPP can activate all the protection functions using a Cloud server with just one click.
Ultimate activation speed: The running speed stays the same even when LIAPP is on.
Strong security power: LIAPP prevents source code leakage and blocks all hacking threats through source code protection, and all kinds of hacking that can happen on Android can be fundamentally prevented.
Authorized stability: LIAPP has confidence of 100% compatibility with all devices released at home and abroad and the newest Android OS. Its security and compatibility will be continuously verified.
LIAPP is easy, fast, strong and stable
Chapter Ⅱ Introduction of LIAPP: LIAPP Beyond Obfuscation
LIAPP is not simple word rearrangement but an encoding solution that fundamentally prevents every hacking tool. The obfuscation method, which rearranges the source code to make it hard for a hacker to understand, is vulnerable to attacks by hackers with malicious purposes. To make the original source invisible, LIAPP provides strong security by encoding the source code of an application.
LIAPP is an application protector beyond obfuscation
LIAPP provides strong security through encoding the whole source code
[Figure: source code with obfuscation applied vs. with LIAPP applied]
Chapter Ⅱ Introduction of LIAPP: Main Functions of LIAPP
LIAPP prevents hacking by providing every security function required for protecting applications
Source protection: It prevents a leak of source codes by encoding the whole source code.
Memory protection: It prevents malicious memory hacking.
Anti-tamper: It detects and prevents signs of tampering in a program.
Library protection: It prevents hacking and a leak of information by protecting important libraries.
Anti-debugging: Program analysis through debugging is fundamentally blocked.
Game engine protection: It prevents a leak of source codes by protecting game engines like Unity.
Block the repackaging: By protecting important information files used in an application, it prevents redistribution after they are forged or altered by malicious activity.
Virtual machine detection: It prevents hacking by detecting a virtual machine environment which can be used as a hacking tool.
Chapter Ⅱ Introduction of LIAPP: Advantages to LIAPP
LIAPP is applicable with only one click
[Diagram: APPLICATION, LIAPP SERVER]
Immediate implementation is possible when the fully developed app is uploaded onto the LIAPP server using a web browser.
Simplified button implementation is possible without any additional program installation or separate coding.
There is no need to learn additional operating instructions, since security is implemented automatically with just a simple click.
Security can be easily implemented without using any additional resources for security implementation.
No difference is shown in performance, such as file size and runtime, before and after LIAPP is applied.
Compatibility tests on around 150 devices at home and abroad and on the newly introduced OS version have been completed.
A test of Chinese devices conducted by a portal company in China confirms 90% compatibility.
The compatibility test will be continuously conducted using a device test center provided by mobile companies and application centers.
LIAPP is light and its compatibility is excellent
The file size increases by less than 1%.
[Figure: file properties (type, date of revision, size) before and after LIAPP is applied]
Chapter Ⅱ Introduction of LIAPP: Advantages to LIAPP
LIAPP protects an app even when it is not running as well as while it is running
APK (standby/file) protection
RUN (execution) protection
Source code protection: It prevents analysis through decompiling or reverse engineering by encoding the whole source code.
Block the repackaging: It prevents important information files of an application from being forged or altered and redistributed.
Library protection: It blocks hacking and prevents a leak of information by protecting important libraries.
Game engine protection: It prevents a leak of source codes by protecting core functions required for operating a game.
Memory protection: It blocks memory hacking caused by a hacking tool during application execution.
Anti-debugging: It prevents debugging so that an application cannot be analyzed while it is executed.
Anti-tampering: It detects signs of tampering while an application is running, and instantaneously blocks it even if it is processed.
Virtual machine detection: It prevents hacking through a virtual machine by checking whether an application is being executed on an actual device.
Chapter Ⅲ about LIAPP - beyond Obfuscation
Statistics Screen of LIAPP
Function Comparison Table
Customer Support
Projected effects
Compliance
Chapter Ⅲ about LIAPP: Statistics Screen
Attack-detection information, including anti-debugging, tampering, hacking tools, virtual machines and administrator privileges, is provided.
A graph showing changes in detection rates and detection success rates according to the type of attack is provided so that issues can be promptly recognized.
Information on who visits most frequently and on detection rates, which helps to recognize an attack beforehand, is provided.
Mobile system information, such as the device details and operating system of a user, is provided.
※ Support is available from Android OS 2.3 or higher
Chapter Ⅲ about LIAPP: Function Comparison Table of LIAPP
Function LIAPP Obfuscation Method Anti-tamper
Source protection
Anti-debugging
Library protection
Memory protection
Virtual machine detection
Game engine protection
Anti-tamper
Block the repackaging
Function Comparison Table between LIAPP and products using obfuscation methods
Tampering by malicious activities and redistribution are blocked.
Program analysis through debugging is prevented.
Information leakage and hacking can be prevented by protecting important libraries.
Memory hacking is blocked.
Hacking attacks are blocked by detecting virtual machines.
Source code leakage is blocked by protecting game engines.
Tampering in a program is detected and prevented.
Chapter Ⅲ about LIAPP: Customer Support
The customer support center of Lockin Company operates 24 hours a day using various channels including phone calls, e-mails, messenger and social networking, and therefore services can be provided promptly even if sudden hacking and malicious attacks occur.
Prompt response through e-mail
Communication through e-mail
Respond to hacking tool attacks reported within 24 hours
24-hour support center
Tel +82.70.4369.2213
Mail [email protected]
Messenger @liapp (kakaotalk)
Contact with a developer through messenger
Communication through messenger
Chapter Ⅲ about LIAPP: Projected Effects
Protect copyright: Core technology can be protected by blocking source code analysis and illegal copying.
Cost reduction: An all-in-one solution covering hacking blocking, anti-tampering and obfuscation all at once is cost effective compared to separate solutions.
Productivity improvement: Productivity can be improved because fewer resources are required for security in application development.
Prevent loss of company credibility: A drop in company credibility caused by malicious hacking can be prevented by blocking tampering and illegal distribution.
Service credibility improvement: Access by hacking programs is fundamentally blocked, and therefore service credibility can be improved.
Prevent personal information leakage: Sensitive information leakage can be prevented since produced resources are encrypted before being saved.
Chapter Ⅲ about LIAPP: Compliance
Through LIAPP, you can more easily comply with the rules regarding mobile transactions, such as the request from the Financial Supervisory Commission for measures concerning terminal security for mobile transactions, and the amended electronic finance transaction law.
Electronic finance transaction law article 11814 was partly amended and publicized (May 22, 2013) and enforced (Nov. 23, 2013).
Enlargement of responsibility of financial companies
The responsibility of financial companies was legalized by the amended electronic finance transaction law article 9 section 1.
In case of hacking caused by access media acquired by illegal methods, electronic financial businesses are liable for the damage caused (Article 9 section 1).
Financial companies are also liable for the damage caused by hacking through a personal mobile device.
Financial companies may also be held responsible for dealing with financial service users who falsely report hacking with malicious intent.
Amendment to Electronic finance transaction
Existing law (section 9): imposes responsibility on financial companies only when accidents are caused by tampering with a certificate for finance transactions.
After amendment: Financial companies are liable for damage caused by hacking through illegal analysis and program tampering.
Electronic finance transaction Article 9 section 1
Chapter Ⅳ Company Introduction: Company Introduction
Lockin Company specializes in mobile security
Overview
| Name of the company | Lockin Company
| Date of establishment | September 16, 2013
| CEO | Choi, Myeong-gyu (최명규)
| Field of business | Android application security and software development
| Starting capital | 0.76 billion won
| Address | Samwhan hipax A-618, Pangyoyeok-ro 240, Bundang-gu, Seongnam-si, Gyeonggi-do
| Homepage | www.lockincomp.com
CEO Profile
[Background]
CEO of Lockin Company Inc.
Established Lockin Company Inc.
Previous security manager at Neowiz Games
New-tech wave security consultant
Korea Graduate School of Information Security
History
Establishment of Lockin Company Inc
Participation in 2013 Seongnam International Game Festival
Participation in Neofly Demo Day supervised by Neowiz
Enterprise lab. Authenticated (Article 2014113540)
LIAPP, SaaS type Android application protection service, formally introduced
Patent regarding application security system registered(Article 10-1451323)
Venture enterprise authenticated (Article 2014113493)
Fifth accelerator spark lab, Participation in Demo Day
Cloud security business partnership with Hostway, a global company
Sales increased by 200% in the first half of 2015
Participation in 2015 G-STAR
Mobile security company for KDB Bank, Attracted initial investment
Chapter Ⅳ Company Introduction: VISION
Lockin Company and the nation's best security professionals make every effort to develop products with the core functions for mobile security that anyone can find easy to use, with its vision, “not a big dummy, only essential features”.
Chapter Ⅳ Company Introduction: Client companies
PARTNER
List of companies using LIAPP
National leading company in the field of mobile application security
References spread evenly across every sector, including games, finance and general companies
200% quarterly growth one year after the first product was introduced to the market