Hackers are turning to AI tools to reverse engineer millions of apps – and it’s causing havoc for security professionals

A marked surge in attacks on client-side apps could be due to the growing use of AI tools among cyber criminals, according to new research from Digital.ai.

More than eight-in-ten applications are under constant attack, marking a near 20% increase compared to last year, the study found.

Attack rates are rising fast across all industries, most significantly in telecoms, where more than nine-in-ten organizations were attacked, followed by financial services at 88%.

Notably, industries such as healthcare and automotive are now under significant threat, with 86% of automotive apps and 79% of healthcare-related applications under attack.

While Android apps have in the past been the main target, with 90% affected, the gap has narrowed. The number of iOS attacks has risen to 88%, thanks to jailbreaking and more sophisticated exploitation techniques.

Environment attacks, where apps run in compromised conditions such as rooted or jailbroken devices, affected 84% of Android apps and 80% of iOS apps.

"For enterprises, apps represent a gainful bridge to their consumers and employees, but for threat actors, these apps represent lucrative targets," said Derek Holt, CEO of Digital.ai.

"Today, we see more attackers expanding their focus to target not just flagship apps but secondary apps, plugins, add-ons and more".

Android’s open architecture raises questions

The study specifically highlighted the rise of ‘instrumentation attacks’, which involve dynamic code modification or hooking frameworks like Frida.

These were much more common on Android, researchers found, occurring at a rate of 82% compared with 44% on iOS.

A key factor here is because Android’s open architecture makes it more susceptible to runtime manipulation, whereas iOS has stronger built-in restrictions.

Integrity attacks, meanwhile, where app code is modified or repackaged, affected 52% of Android apps and 23.3% of iOS apps.

Again, Android’s app distribution model and third-party app stores make it easier for attackers to distribute modified apps, whereas iOS has tighter app store controls.

Attack surfaces are growing

Concerningly, the attack surface is growing, with Apple’s App Store and the Google Play store together offering nearly four million apps for downloads, with 137.8 billion downloads in 2024.

The rise of effective and freely-available AI tools has made it easier than ever for threat actors to easily reverse-engineer, analyze, and exploit many of these applications.

It’s also given rise to a burgeoning community of threat actors, many of whom are taking advantage of reverse-engineering tools such as Frida and Ghidra, sharing ideas, tips, and tricks.

Meanwhile, AI tools are fueling a further rise in the rapid development of malware, while supporting threat actors in conducting source code analysis.

"As AI exponentially increases the capabilities of threat actors, businesses must dramatically increase their ability to protect and monitor all applications against reverse engineering, tampering, and man-in-the-middle attacks," said Holt.

"Delivering applications without these security protections is like leaving your front door unlocked and wide open."

MORE FROM ITPRO

• NSA: Benefits of generative AI in cyber security will outweigh the bad
• Generative AI's cybersecurity potential is clear, but so far it's given hackers the upper hand
• What do security pros want from generative AI?