209 – Security controls bypass or absence - Emulator

Description

The application does not have a control that detects if it is being used in an emulator, allowing a wider surface for reverse engineering.

Impact

Apply reverse engineer to the application.

Recommendation

Implement recommended security controls for mobile applications.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: P
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 062 - Define standard configurations
• 266 - Disable insecure functionalities
• 273 - Define a fixed security suite

Last updated

2024/02/16