| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The article mentions that in Arxan's second annual report on the state of security in the app economy, it was found that 100% of the top paid Android apps are subject to hacking, indicating a recurring issue with app security on the Android platform [55788].
(b) The software failure incident having happened again at multiple_organization:
- The article highlights that Arxan's analysis found hacked versions of all of the top 100 paid apps for Android and 56% of the top 100 paid apps for Apple's iOS either on the main store or third-party sites, indicating a widespread issue across multiple organizations and platforms [55788]. |
| Phase (Design/Operation) |
design, operation |
(a) The article mentions that a significant number of apps in both Apple's and Google's app stores have been targeted for hacking, with financial apps on Android being particularly vulnerable. Hacked apps have been uploaded to third-party stores or Google Play to capture credentials from users, operate maliciously, or defraud the app's creator by removing adware elements. This indicates a failure in the design phase where contributing factors introduced by system development and updates have made the apps susceptible to hacking [55788].
(b) The article also highlights that users can download apps from third-party stores on Android devices, which can lead to the installation of malware or hacked apps. Additionally, the lack of standardization in the Android ecosystem, with a significant number of devices running older versions of the operating system, makes users vulnerable to known threats. This points to a failure in the operation phase where contributing factors introduced by the operation or misuse of the system, such as downloading apps from unverified sources, can lead to security breaches [55788]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident reported in the articles is primarily due to factors originating from within the system. The incident involves hacked apps being uploaded to third-party stores or Google Play, tampering with the original code, and the presence of malware and hacked apps even in Google's official Play store. The failure is attributed to vulnerabilities within the apps themselves, leading to security breaches and fraudulent activities [55788].
(b) outside_system: The software failure incident also involves contributing factors originating from outside the system. For example, the ability of Android users to download apps from third-party stores and the lack of standardization in the Android ecosystem are external factors that contribute to the security vulnerabilities and the presence of hacked apps. Additionally, the report mentions that hackers target platforms with the most users, indicating external pressures influencing the security landscape [55788]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The articles mention that a significant number of apps in both Apple's and Google's app stores have been targeted for hacking, with financial apps on Android being particularly vulnerable. Apps have been hacked and uploaded to third-party stores or Google Play to capture credentials from users, operate maliciously, or defraud the app's creator by removing adware elements. This hacking and tampering with the original code are examples of software failure incidents caused by non-human actions [55788].
(b) The software failure incident occurring due to human actions:
The articles highlight that users can download apps from third-party stores on Android devices, and iOS users can jailbreak their devices to install software with "root" privileges. Additionally, the articles mention instances where hacked versions of apps were placed in the Google Play store before the official ones, leading to security concerns. These actions by users and hackers to manipulate the app ecosystem contribute to software failure incidents caused by human actions [55788]. |
| Dimension (Hardware/Software) |
software |
(a) The articles do not provide specific information about a software failure incident occurring due to contributing factors originating in hardware. Therefore, it is unknown.
(b) The articles discuss software failure incidents related to hacked apps being uploaded to third-party stores or Google Play, capturing credentials from users, operating maliciously, defrauding app creators, and tampering with original code [55788]. These incidents are examples of software failures due to contributing factors originating in software. |
| Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The objective of the software failure incident was malicious:
- The articles mention that a significant number of apps in both Apple's and Google's app stores have been targeted for hacking, with financial apps on Android being particularly vulnerable. Hacked apps have been uploaded to third-party stores or Google Play to capture credentials from users, operate maliciously, or defraud the app's creator by removing adware elements [55788].
- It is highlighted that hackers can more readily target the fragmented and open Android ecosystem to insert malware into the Google Play store, leading to greater insecurity on this platform [55788].
- The report by Arxan indicates that 92% of malware was created for Android, showing a clear focus by hackers on the platform with the most users [55788].
(b) The objective of the software failure incident was non-malicious:
- The articles mention that in some cases, apps have been tampered with or modified without malicious intent, such as when there has been tampering with the original code of apps [55788].
- It is noted that even Google's official Play store can be a source of malware and hacked apps, indicating that not all incidents are necessarily driven by malicious intent but can also be due to vulnerabilities in the system [55788]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor decisions can be seen in the article where it mentions that financial apps on Android were particularly vulnerable to hacking. Despite the sensitive nature of the data these apps handle, a significant percentage of them were found to have been hacked and reposted, with 53% of Android financial apps being affected [55788]. This vulnerability can be attributed to poor decisions in the design, development, or security measures of these apps, leading to their compromise. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The articles mention that a significant number of apps in both Apple's and Google's app stores have been targeted for hacking. Financial apps on Android are particularly vulnerable, with 53% of Android financial apps and 23% of iOS financial apps found to have been hacked and reposted [55788]. This indicates a software failure incident occurring due to development incompetence, as the apps were compromised due to security vulnerabilities introduced during the development process.
(b) The articles also highlight that hacked apps have been uploaded to third-party stores or Google Play to capture credentials from users, operate maliciously, or defraud the app's creator by removing adware elements. Additionally, the presence of malware and hacked apps on Google Play, including a hacked version of BlackBerry's BBM app, demonstrates a scenario where software failures occurred accidentally, leading to security breaches and compromised user data [55788]. |
| Duration |
permanent |
(a) The articles mention that hacked apps have been showing up in different storefronts, such as Cydia, in a decrypted state, indicating that the software has been permanently hacked [55788]. Additionally, the report by Arxan states that their research consistently found that 100% of the top paid Android apps are subject to hacking, highlighting a persistent issue with software security on the Android platform. This suggests a permanent state of vulnerability and failure due to contributing factors introduced by all circumstances. |
| Behaviour |
crash, omission, value, other |
(a) crash: The articles mention instances of hacked apps being uploaded to third-party stores or Google Play to capture credentials from users, operate maliciously, or defraud the app's creator. This behavior can lead to a crash where the system loses its state and fails to perform its intended functions [55788].
(b) omission: The articles discuss how financial apps, particularly on Android, have been targeted for hacking, with a significant percentage of iOS and Android financial apps being hacked and reposted. An omission, where the system fails to perform its intended functions, can occur when users' essential data such as bank account numbers and passwords are compromised due to the hacking of financial apps [55788].
(c) timing: There is no specific mention of a timing-related failure in the articles.
(d) value: The articles highlight the issue of hacked apps being uploaded to various app stores, including Google Play, which can lead to the system performing its intended functions incorrectly. For example, a hacked version of the BBM app for Android was downloaded over a million times before the official release, indicating incorrect functioning of the app due to hacking [55788].
(e) byzantine: The articles do not provide information about a byzantine behavior of the software failure incident.
(f) other: The other behavior observed in the software failure incident is the tampering with the original code of apps. The articles mention examples where there has been tampering with the original code of apps, leading to a situation where the software has been hacked. This unauthorized modification of the code can result in unexpected behavior and compromise the integrity of the apps [55788]. |