Monday, December 23, 2024

In the crosshairs: Three steps to secure development of digital identity wallet apps

The world’s growing reliance on digital identities and mobile wallets demands that developers deploy the highest levels of app security. Francis Richards, Product Manager, Signing & Senior Solutions Architect at Cryptomathic provides three critical considerations to get started.

Digital identity wallets, like the European Digital Identity (EUDI) wallet, are quickly becoming an indispensable part of daily life. Already, mobile apps allow people to access public services, open a bank account, board a plane, purchase car insurance, apply for a new job, and much more. The EUDI wallet, which will start rolling out across the European Union in 2024, will take these applications a step further, revolutionizing how citizens and businesses can identify themselves.

Designed to allow users to securely store and selectively share personal identification data based on their national electronic IDs (eIDs), the EUDI wallet will also house other digitized attestations of identity documents such as travel credentials (ePassports), driver’s licenses, university diplomas, medical records, and bank account details.  It will also be used as a means to verify identity for gaining access to online resources, such as government websites and personal bank accounts.

While incredibly convenient, the wealth of sensitive data stored in this type of mobile app wallet means that it will likely be under constant attack. For most developers, issuing a mobile app with rich and security sensitive functionality at this scale is new territory, any stakeholder responsible for the development of digital identity mobile applications or EUDI wallets should consider three important factors that directly impact security.

  • Understanding threats and threat vectors

In its latest annual Threat Landscape Report, the European Union for Cybersecurity (ENISA) provides a thorough analysis on the status of the cybersecurity threat landscape and concludes that threat actors are increasing their capabilities, developing their hacker-as-a-service business model, and developing novel and hybrid threats.

As such, it’s imperative that mobile app developers stay alert to the fact that threats to digital identity wallets will come from multiple diverse sources, all with varying motives. Examples of threat agents are numerous and include:

  • Lost/stolen digital identity wallets in the hands of a threat actor.
  • Malware installed on the device which can interact with the wallet in a malicious manner to log user credentials, output, or probe the app to act in an unintended manner. This includes malicious overlays, screen casting tools and repackaged apps on the mobile device that can interact with the wallet.
  • Jailbroken/rooted devices that offer less OS guarantees.
  • Mobile apps that incorrectly implement security mechanisms of the underlying mobile app platform (ie iOS, Android).
  • A compromised or monitored network that allows eavesdropping or altered network communications.
  • Development and test tools that can interact with the mobile app at a low level to gain a detailed understanding of how the app’s security mechanisms work to obtain sensitive information contained within it or change the way in which the app operates.
  • Poor code quality can lead to the discovery of vulnerabilities that the attacker can exploit.

A truly secure digital identity wallet will need to protect against the full depth and breadth of today’s threat landscape.

  • Risk assessment vs. threat modelling

When protecting an existing asset with known threats and established vulnerabilities, a risk assessment is often the most appropriate technique to enhance the security of the asset. For newly developed applications, however, where the inherent vulnerabilities of the asset have not been fully identified, threat modelling may be a more appropriate methodology.

Threat modeling enables the developer to focus on the entire attack surface when developing and deploying security controls, and not just the risks. An effective way to achieve this is by deconstructing the wallet into multiple component parts that support the functionality and interfaces of the wallet. Using knowledge of the applicable threats and typical attack vectors, the developer can choose one of several available threat modelling techniques (or develop its own) to fully understand and categorize these threats to the new application.

  • Finding the right resources to develop and test mobile app security

Protecting applications in a hostile environment is a cat-and-mouse game with attackers. To be regarded as a ‘trust anchor’, digital identity wallet issuers will need to carefully consider their risk mitigation strategy and develop a defense-in-depth model encompassing both proactive and reactive measures.

Since mobile app security is a complex field requiring a skillset that differs from mobile app development, digital identity wallet developers and issuers must identify critical knowledge gaps in their technical resources, skills, processes, and security tooling. If they are unable to plug these gaps with existing resources, they must work with specialist external partners to ensure compliance with industry best practices and regulatory standards.

Only when these three considerations have been considered, and the appropriate safeguards put into place, will digital identity wallets deliver the convenience, security, and seamless user experiences they promise.

Latest