Jul 28 2017

And the app attacks!

Dan


From social media to online banking, from ordering food and car rides to arranging dates, playing games, monitoring real-time health stats and performing inventory tracking (plus a myriad of other utilities), smartphone applications (commonly known as ‘apps’) have revolutionized how entire aspects of work and life happen. We can finally say that computers have become pocket devices, so pervasive that even children are able to operate them, and they appear to be more skilled at it than many adults. But as seems to be the case with other human innovations, there is usually an implied price to pay for such benefit, or worse, a host of unexpected problems arises from a pointed solution. Yet the price to be paid and the new set of problems to handle are not readily evident or easy to deduce.

A sharp case in point is the current situation in Ukraine. The ancient and famous “breadbasket of Europe” has been the scene of much tragedy for the past few hundred years due to her strategic location, as different powers fought over her control. And now, times are especially delicate as the central government in Kiev is trying to regain order in the east of the country where they are fighting separatist rebels in the Donbass region.

History teaches us that through long stretches of time, the ancestors of modern Ukrainians faced wars of occupation, conflicts between empires, land partitions and changes in government. One may want to recall the first paragraph and be tempted to ask, how could smartphone apps interfere with (or be a part of) that historical process? The answer is in the new adage, ‘welcome to the Brave New World of instant data’. In one particular instance, the use of an app which aimed at improving work quality for its users (namely, in the Ukrainian military) inadvertently allowed for the delivery of the worst outcome possible, through an unfortunate turn of events.

Until now, the mainstay of Ukraine’s field artillery has been the Soviet-era D-30 2A18 Howitzer, a 122mm gun that proved to be powerful and resilient against soft targets (infantry, convoys) and quite effective against fortified positions as well as tanks. However, its age and limitations are evident on the battlefields of today. Its main shortcoming is that it can take several minutes to input the parameters that make the gun ready to fire, even when experienced crews are manning it.

So, one Captain in the Ukrainian army had the original idea to create an app for Android phones that would allow for a much faster configuration process, even when manned in its slimmest configuration (a crew of three). The app was an instant success which compounded the other benefits of using the D-30, that is, the ease of servicing and maintaining the gun and its low cost, as Ukraine inherited a large cache of weapons from the collapse of the Soviet Union at the end of 1991. So thanks to the Android app, finally the last and biggest limitation of that one field gun was addressed, with great satisfaction. The equivalent of a complete overhaul nearly free of cost.

Propelled by the success, the new app was shared on web boards used by Ukrainian military personnel. Yet, somehow, hostile elements got wind of this new development, gained access to those forum web pages, copied the app, reverse-engineered it and came up with a nearly identical cloned version, which was readily shared on those same bulletin boards. This other version of the app performed nearly exactly the same way as the original one, except for one new (but also deadly) secret feature: it also broadcast the GPS coordinates of the howitzer using that app. The consequences were swift and brutal: in a few weeks the Ukrainian army lost nearly 80% of its artillery units, with each battery hit almost immediately after firing at targets.

As they say, ‘in hindsight everyone has 20/20 vision’; notwithstanding the popular saying, this is an instance of a great idea, originated by a talented and well-intentioned army officer, ending up vulnerable to bad people who took advantage of the situation through some clever and utterly despicable means.

Tenex Developers is a firm believer in careful and thorough testing of applications, and a devout follower of practices that aim to secure code and to prevent and detect application tampering. We have the right experience, dedication and savoir-faire to make application security a standard feature in any solution package we provide to our business partners worldwide. In this world of quick (and sometimes overwhelming) maneuvers, there are pivotal moments that could bring sudden changes to entire socio-political landscapes. It is therefore of paramount importance that those who serve the public interest are ready to adapt accordingly. Tenex is ready and able to build and deliver solutions to match those challenges.