Super Mario Run Security Issues

Following the launch of Nintendo’s Super Mario Run game, Aaron Lint, VP of Research at Arxan Technologies, commented below on the security issues surrounding the app and its use of online DRM (digital rights management), alongside advice on the most effective way to secure mobile gaming applications.

Aaron Lint, VP of Research at Arxan Technologies:

 “As Nintendo’s second foray into mobile gaming with one of their lead franchises, Super Mario Run is immediately going to be a prime target for attackers trying to exploit its code – especially with the number of users which will be downloading this game.

“Just as with the previous smash hit Pokémon Go, we anticipate the appearance of corrupted, fake apps used to spread malware, as well as pirates setting to work enabling free versions of the full game, saving people from the $9.99 price tag.

“However, their decision to use always online DRM (digital rights management) that requires a constant internet connection may only further encourage attackers to defeat the restrictions.  It will become clear that simply using DRM does not provide adequate security for the app.

“A much more effective approach in protecting games from piracy is to harden the code and cryptographic keys to prevent attackers bypassing business logic in the first place. Using techniques such as code integrity protection, obfuscation, and white box cryptography gives the application the ability to adapt and defend even if hackers are able to break through other security measures.”