Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Metaforic Extends Security Protection System to BlackBerry 10 Applications

Software security firm Metaforic on Tuesday announced added support for applications running on BlackBerry 10 to its software protection portfolio.

Software security firm Metaforic on Tuesday announced added support for applications running on BlackBerry 10 to its software protection portfolio.

San Jose, California-based Metaforic’s technology would allow developers to automatically inject the company’s “software immune system” protection into the BlackBerry OS applications to create secure, self-defending software, Metaforic said Jan. 15. The immune system ensures the app can defend itself from targeted malware, repackaging, code tampering, or other attacks and unauthorized modifications.

Metaforic LogoMetaforic approaches software security differently from other companies. Instead of looking at it from an IT perspective, where the goal is to try to keep attackers out of the network and applications, Metaforic focuses on making software strong enough to withstand attacks, Metaforic CEO Dan Stickel told SecurityWeek. Software is generally used in a “hostile environment,” with a myriad of threats such as worms and malware, and almost never is run on a “pristine” operating system, Stickel noted.

“The reality is, we don’t live in a software Eden anymore,” Stickel said.

Recall what happened in early 2011 when attackers breached Nasdaq’s Directors Desk application, which was used to discuss stock information and company financial data. While the seriousness of the attack was initially downplayed, Nasdaq later admitted the attackers had modified the application and had eavesdropped on financial conversations.

“Nasdaq said, ‘Oops. The software was modified that we didn’t know about,'” Stickel said.

Software applications needed to learn from the world of biology and inherently defend against malware and hackers trying to modify the code to do something it wasn’t designed to do, Stickel said. The immune system technology ensures code integrity.

Developers using Metaforic’s software protection technology can inject thousands of interlocking, self-referencing checks into the application source code, Metaforic said. The self-checking anti-tamper system can defend itself from targeted malware that changes application logic, attempts to repackage applications with malicious malware (common with mobile apps), source code tampering, man-in-the-middle attacks, and attempts to sabotage digital signatures and encryption keys.

An attacker would have to first remove each check manually before it would be possible to modify the code. “There’s no known way to get around. There’s no secret key” to bypass the protections and modify the code, Stickel said.

The developer can specify what kind of response is appropriate to various threats. The application can attempt to repair any problems it finds, report problems to various locations, or terminate the execution of the program.

The software immune system injected directly into the application while it is being built means security is part of the software’s makeup, Stickel said.

Metaforic’s mobile software immune system “gives users one of the most secure, integrated mobile computing experiences and provides a highly effective and efficient methodology to harden applications to defend themselves against the latest and most malicious attacks,” Stickel said. With mobile support, Metaforic is able to protect software from the inside out, even in high-risk environments where there are no other third-party security products deployed or user devices have been rooted or jailbroken, the company said.

Metaforic already supports a wide range of platforms, including iOS, Android, Linux, Windows and Mac OS X.

Nintendo also uses the technology to harden its licensing systems to protect DS games from piracy. Financial institutions use Metaforic to ensure that their mobile applications security and internal back-office software have not been compromised. Device manufacturers use Metaforic to ensure hardware such as network routers and medical devices have not been tampered with.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.