Hacking Your Security Officer

Posted on September 9, 2015 by Mathijs Brand

It started a couple of months ago with a great idea. You hacked together a prototype in the evening which you pivoted to some customers. And then you did it. You convinced your managers to build this killer app. You quickly assembled a team. You focused on core functionalities, user experience and intuitive design. You thought about performance and load testing. An architecture for scaling up. Energy in the team was at an all-time high. No competitor did this before. It was all so exciting. Test users were surprised they could log in and have these genius new abilities at their fingertips. Your team was going to revolutionize the market. And then Jeff walked in…

“Ok guys, this thing is not very secure. My grandma could hack it while you’re disclosing core finance. I’m not going to allow it. Too risky.”

How you hated Jeff with all your bones. Jeff, the security officer, who leaves coffee marks on your desk. Jeff who laughs so loud at his own jokes. Jeff who seems to enjoy his power.

At the same time, even though you didn’t want to admit it, he had a point. Security was on your mind during the process, but then again you can’t think of everything. You brainstormed about your options:

A: Get the security of the app at a higher level.
Easier said than done. You needed to assemble all the books and blogs on security and get yourself up to date. You already had “Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It”, but this thing was so complicated. Maybe you needed to acquire extra budget and hire an external consultant. But how easy would it be to find the right person, and how would he get it right? Integrating with those dinosaur systems in your organization, this thing would take months or years. You needed other options.

B: Hack the security officer
The key here was to find out which drink Jeff likes. Study Jeff from a little distance like you were Charles Darwin. Jeff likes regular whiskey, so you got him Santis Malt Swiss Highlander Edition Alpstein Single Malt Whiskey 6 YO. Great bait and not suspiciously expensive. Then you needed to get sleeping pills and engage for success. It would take a bit of time to get the exact mixture and amount right. Jeff needed to be just awake enough to give you a signature, but not too sleepy or drunk for any type of resistance.

Really, you needed other options than this. There was no way you were getting a signature from him.

If only you had used the Onegini SDK, this would have had a totally different outcome.


