Are Mobile Games Secured ?
She requested me to stop playing Online game.. But now she is married and spending time with her kids, while I’m still Single and playing COD mobile.
Everyone likes to play games; especially Mobile games. Most of generation “Z’ are addicted to play games. The worldwide gaming industry was worth $152 billion at the end of 2019, and 45% of the income i.e., $68.5 billion, came from mobile gaming itself.
Are mobile games secured ? If not, what will happen ?
The risk is so high that the entire gaming industry reported almost 12 billion credential stuffing attacks. Basically, our mobile devices can be hacked. Players spend lots of money to purchase game items, new updates and etc. However hackers do not pay to purchase any of these. Further more, if a mobile game is less secured, a good hacker can access any mobile device or servers and steal bank account credentials, personal details and etc.
Why hackers love to hack mobile games ?
1. Mobile gaming is a trending business.
Players spend lots of money on in-app purchases, and in-app advertisements which are sponsored by different brands. In reality, according to the App Annie’s 2020 State of Mobile report, mobile gaming is expected to achieve a cross-store total of $100 billion in sales this year. In the meantime, Business of Apps reports that in 2018, consumers spent average of $79 on in-app purchases, with 44 of those dollars going towards game purchases.
They provide a tempting target for hackers who want to capitalize, with so much money pouring into mobile games. Hackers may:
· Bypass In-App Purchases
· Unlock and share applications with other users
· Siphon off advertisement revenue via app cloning and ad substitution
According to 2017 App Annie report Most mobile games rely on in-app purchases to get the income. Regardless of strategy, the interference of hackers in the revenue stream of a game can have a large effect on the bottom line. In fact, according to VentureBeat, one company found that hackers siphon off around 40 percent of “in-game revenue and microtransactions” each year.
It is clear that a conducive atmosphere for hacking is generated by the vast volume of money pouring into mobile games.
2. Play to win
The requirement to win the game motivates gamers, and games are built to keep players interested, tested, and inspired to continue attempting to hit the next level, unlock the next advantage, and eventually win.
However, some players push this rivalry a bit too far, trying to “beat the system” with hacks, cheats, and other ways to unfairly get ahead of gaming. Goalbots, forwarding on false GPS coordinates, changing game conditions, and spoofing time stamps may be some of the ways how gamers cheat.
While this can sound relatively harmless, these hackers may damage the bottom line of a game. Fairness is prized by players, and they expect to compete on an even field. Cheating will harm the credibility of a game, leading players to forfeit games; one company reported 77 percent of players will leave the game if they suspect cheating. So, rampant piracy will drastically affect the credibility and potential profitability of a game, and businesses need to take this seriously and develop a security policy.
Any businesses are, of course, taking security action. For example, Lets consider the incident that occurred regarding the popular game The Fortnite, an immensely popular game. A teenage player was sued by its creator for demonstrating and selling cheats through YouTube. They settled in 2019, but the case reveals the danger involved with deception and the severity. And the developers of Call of Duty: Smartphone, another wildly popular title, introduced a method, earlier this year, to track players who cheat to improve their results.
In addition to these kinds of steps, which can be very pricey in the case of court battles, game companies should consider putting an end to piracy at the code level on many fronts. Gaming studios can make cheating much harder to achieve with an effective multi-layered mobile app security plan. The internal logic of apps can be protected by encryption mechanisms such as obfuscation, while runtime device self-protection (RASP) can detect and fix threats.
Mobile games are a common target for hackers, with too many people able to either build or purchase cheats.
3. Expectations are higher
Consumers now expect instantaneous, on-demand experiences. Apps will go viral instantly, and games from all around the world can be played by gamers, 24/7, all year long.
In order to compete with other game-makers, this on-demand economy means that gaming studios need to release new and updated games quickly and smoothly. They will need to release them on several platforms, and the games need to be extremely simple and sensitive. These conditions can lead to the success of Unity, which is used to build more than half of all new smartphone games today.
However, while release pace and the game itself are the keys, game-makers cannot afford to loose security corners. From the outset, before the game or other changes are released, it is important that studios integrate protective measures into the app code. Hardened security code and harassment detection in real time will allow studios to avoid bad actors and maintain the integrity of the studio.
As studios are putting out more and more games to meet the demand of gamers, hackers can find unprotected coding, authentication measures loopholes, and tracking lags. To keep players happy, game developers would need to ensure that well-secured coding and real-time security warnings are in place.
Things that mobile game developers should do
1. Reverse engineering malware
Games that are far more common than others are often more prone to reverse engineering attacks and contamination by malware. Hackers will reverse-engineer the underlying graphics, game assets, coding, and data assets of the game and repackage them to be released as a replica on the market. Many of these cloned games are also tainted with ransomware and will damage the original game’s credibility indirectly.
In 2014, a game called Flappy Bird was released in the Apple App Store and very soon after its arrival, it became one of the shop’s best free games. Developers reported that each day they made about $50,000 from only sales and advertising. Appropriately, after a month, 60 or more copies of the game were added every day to the store and most of them were also infected by malwares.
2. Flaws in the in-app purchasing system
While most smartphone games rely on in-app purchases for their wholesome money, most of these buying mechanisms have severe security vulnerabilities that enable hackers to access free add-on products and gameplay functionality. In reality, in 2012, one flaw in Apple’s in-app buying mechanism allowed 8.4 million false transactions to be made by threatening actors. Due to of this mistake, over 115 games were affected and the resultant loss of sales went up to $840 million starting from $8.3 million
3. Privacy and unauthorized installations
There are plenty of third-party shops around the world for smartphone applications, and most of them sell apps for Android. In addition, app creators are drawn to these app stores so that they can gain higher revenues. What really happens is that the pirated or cloned copies of the software are still hosted by these untrusted app stores (especially games). Not only can these fake apps contain ransomware, but they also deprive the original game developers sales. For their titles, some mobile game developers have reported piracy rates as high as 90 percent. Now that we know about what the fundamental security threats are. we are required to investigate on protect mobile gaming applications.
4. Secure your code
Unchecked technology contributes to the device infrastructure being compromised by smartphone malwares. This creates glitches and vulnerabilities in the game and the developers sometimes ignore this point. Recently, Infosecurity Magazine released a survey claiming that more than 11.5 million mobile devices are compromised with malicious code at a given time, and the figures are expected to rise in the future. In order to identify and respond to these vulnerabilities, developers should carefully analyze their code. This will keep their gaming apps from circulating on the market against current security risks such as injection attacks and reverse engineering and definitely prevent harmful apps from being distributed. ⠀
5. Ensure the security of devices
The protection of the underlying system is equally critical for safe coding. Depending on the infrastructure of the application, developers need to find ways to verify and ensure the security of the host system. One of the key aspects that a developer can review is whether or not the software sandbox in the mobile operating system is intact. The rooted devices pose a great challenge as their security paradigm may have been disturbed due to jailbreaking.
Hackers may also use the excess permissions given to apps to extract simple access such as SMS and contacts and use them for malicious activities by moving their malwares. Overall, the security of your gaming app also depends on the degree of security that the users on their devices retain.
6. Securing payment gateways
The smallest flaw in your in-app buying method will result in losing millions of dollars in your company. To locate critical points in your payment system, you can set up intrusion protection on the periphery in front of the program back-end and even use code obfuscation methods to make it impossible for hackers to obtain access to your applications. Not only can these moves protect the payment system, but they also allow you enough time to respond in the event of a leak. Because modern automated tools can decipher even obfuscated text, using clean programming techniques and focusing on sufficient application infrastructure would be a safer practice.
7. Monitoring app security in real time
The fact that a gated and guarded building is better than a locked building is a proven fact. Similarly, in order to receive warnings for possible risks, it is prudent to add a motion monitoring device around the framework infrastructure. The area of real-time security monitoring is relatively recent, but helps developers to track their application and its origin and frequency for attempted attacks.
Now it is a relief that you are planning to track your application’s protection in real-time, but what about the other security infrastructure components? Without a doubt, security features and firewalls should be secured on the server side of the system, and client-server communications should be made via SSL and other reliable methods. Since access to all server-side information exists from the client-side, the same implementation of security can also be performed for the application’s client-side.
8. Preventing memory hacking
The solution embraced by free-to-play games is to add in-app transactions of certain products that enable players to perform better or conquer certain hurdles faster. Memory hacking essentially isolates the holding point of these products and offers unrestricted in-game cash or gold access to the hacker. The activities performed by a player in most mobile games are registered on the local computer itself and batched until they are sent to the server. This avoids network latency which makes it easier for the gaming experience. This helps hackers to use memory hacking softwares to attack loads of things and attach a modification tool to access the memory of the app and in-app payments.
This can, however, be avoided by identifying and reacting of any attempt at external memory alteration. This is likely only if the developer is willing to build a prevention measure for memory hacking in the game itself or to go for commercially available software. As commercial technologies are armed with more capital and more time on testing, they could be a more viable alternative.
9. Ensure your servers
Many expert game designers say that the weakest targets for hackers are online gaming servers. Due to the amount of confidential data they carry, they are attacked frequently. That is why it is important to implement all the appropriate protections on your gaming servers, such as firewalls, QA checks, intrusion detection systems, etc. It can’t be overlooked at any stage because the protection of servers is as critical as the game application itself.
10. Adopt preventing and vulnerability testing
While it comes to the production of mobile games, you have to know how to protect the users’ data and identify gaps and bugs that might cause security accidents. One of the easiest ways of achieving this goal is penetration checking. Penetration checking highlights the weak points and helps your application to be protected from these vulnerabilities in your submission.
So, in the present world everyone plays mobile games online or offline to make their free time enjoyable. Some plays as hobbies, some plays to achieve goals and some plays to connected with others etc. I think if a game is well secured no need to be afraid to play games.
Play games. Get Addicted. Just don’t die..
Written By/ Dilun Madhawa -3rd Year 2nd Semester -Cyber Security Student at SLIIT