Task #13204
Task #13202: Huawei Pentest Remediation
HUAWEI - M1 - Lack of Code Integrity Checks
Status: | Closed - End of life cycle | Start date: | September 06, 2022 | |
---|---|---|---|---|
Priority: | Normal | Due date: | September 16, 2022 | |
Assignee: | MUHAMMAD IHSAN | % Done: | 100% | |
Category: | PCI DSS - Pentest | Spent time: | - | |
Target version: | - |
Description
Description :
At the time of assessment, LGMS security team identified that the mobile application does not detect and respond to changes in the application code's integrity.
The lack of integrity checks allows a malicious user to modify the application and repackage it to look like the original. This could be used to trick victims into installing the modified application.
LGMS Solution :
Implement integrity checks on the app byte-code, native libraries, and important data files. These checks can be implemented on both the Java and the native layer.
Penril Plan :
To retest, turn on MFP authentication.
To separate Huawei and Android at MFP.
History
#1 Updated by MUHAMMAD IHSAN almost 2 years ago
- File Screenshot_2022-09-22-16-23-45-436_com.bsnebiz.cdb.png added
- File Screenshot 2022-09-22 170311.png added
- Status changed from New - Begin Life Cycle to Finished Development
- % Done changed from 0 to 100
Implement a new integrity check to check and compare app signatures. The app will log out if the signature doesn't match.
#2 Updated by Nurul Athira Abdul Rahim over 1 year ago
- Status changed from Finished Development to Closed - End of life cycle
Deployed to SIT on 15/4/22
Deployed to UAT on 18/4/22
Confirmed by azyan on 23/3/23, now pending LGMS feedback and new testing cycle result.
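
The signature comparison mentioned in update #1, sketched as an added example; it is not the project's code. The class name `SignatureCheck`, the method `isSignedByRelease` and the pinned-digest placeholder are assumptions, and the release build is assumed to have a single signer.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.content.pm.SigningInfo;
import android.os.Build;
import java.security.MessageDigest;

/** Hypothetical helper: compares the installed APK's signing certificate to a pinned digest. */
public final class SignatureCheck {
    // Placeholder (assumption): hex SHA-256 of the release signing certificate's DER bytes.
    private static final String EXPECTED_CERT_SHA256 = "<RELEASE_CERT_SHA256_HEX>";

    private SignatureCheck() {}

    /** True only if the current signer matches the pinned digest; any error fails closed. */
    public static boolean isSignedByRelease(Context ctx) {
        try {
            Signature signer = currentSigner(ctx);
            if (signer == null) return false;
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(signer.toByteArray());
            return MessageDigest.isEqual(hexToBytes(EXPECTED_CERT_SHA256), actual);
        } catch (Exception e) {
            return false; // unreadable package info or malformed pin: treat as tampered
        }
    }

    @SuppressWarnings("deprecation") // GET_SIGNATURES is only used below API 28
    private static Signature currentSigner(Context ctx) throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        String pkg = ctx.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            SigningInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES).signingInfo;
            if (info == null || info.hasMultipleSigners()) return null; // unexpected for this build
            Signature[] history = info.getSigningCertificateHistory();
            // The history runs oldest to newest; the last entry is the current signer.
            return (history == null || history.length == 0) ? null : history[history.length - 1];
        }
        Signature[] sigs = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
        return (sigs == null || sigs.length != 1) ? null : sigs[0];
    }

    private static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```

The caller decides the response to a `false` result, such as the logout described in update #1. This covers only the signing certificate; the byte-code, native library and data file checks in the LGMS recommendation are separate.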