Initially, sneaker bots were developed to automate bulk orders of sneakers from e-commerce stores on behalf of retailers who wanted to resell them.
Since then, they have drifted from that purpose, damaging brand reputations and degrading the online customer experience, and they are no longer tied to sneakers: the same bots have spread to airlines, ticketing systems, and clothing stores to spy, steal data, or steal money.
How sneaker bots started
A legitimate use of a bot is quality assurance. Whenever a site's code is updated, a bot is run to confirm that the code behaves as required: it browses the store, adds some products to the cart, and completes check-outs to verify that customers will hit no technical problems once the product is officially launched.
The same technique testers rely on is what others use to gain unauthorized access to product releases. Where a product is added to the store before it is released, the bot searches for the product IDs, adds them to the cart, and waits to check out the moment the product goes on sale. Because bots are automated programs, they react in real time and buy the products within seconds, leaving nothing for real buyers.
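The behaviour described above leaves a recognisable trace in a store's own request log: a product ID carted before its public release, a checkout completed within a second or two of the drop, requests paced faster than a human can click, and several buying sessions behind one client address. The following is an added example, not code from the original article; the log format, the `sess=`/`ip=` fields, the release time and the thresholds are all assumptions chosen for the demo, and the sample log is constructed.

```python
"""Flag bot-like checkout behaviour in a web store's request log.

Added example for this article, not the original author's code. The log
format, the session and IP fields, the release time and the thresholds
are all assumptions chosen for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Two sessions on one IP cart the
# SKU before release or check out within a second of it; one human views the
# product page first and checks out 44 seconds after release.
SAMPLE_LOG = """\
2021-03-01T09:59:58.000 sess=bot01 ip=203.0.113.7 POST /cart/add?sku=SB-DUNK
2021-03-01T10:00:00.050 sess=bot01 ip=203.0.113.7 POST /checkout
2021-03-01T10:00:00.120 sess=bot01 ip=203.0.113.7 POST /checkout
2021-03-01T10:00:00.400 sess=bot02 ip=203.0.113.7 POST /cart/add?sku=SB-DUNK
2021-03-01T10:00:00.450 sess=bot02 ip=203.0.113.7 POST /checkout
2021-03-01T10:00:21.000 sess=hum01 ip=198.51.100.4 GET /product/SB-DUNK
2021-03-01T10:00:29.000 sess=hum01 ip=198.51.100.4 POST /cart/add?sku=SB-DUNK
2021-03-01T10:00:44.000 sess=hum01 ip=198.51.100.4 POST /checkout
"""

# Assumed public release time of the drop; cart adds before it are suspect
# because the product ID was not yet visible to ordinary shoppers.
TARGET_SKU = "SB-DUNK"
RELEASE_TIME = datetime.fromisoformat("2021-03-01T10:00:00.000")

# Demo thresholds; tune against your own traffic before relying on them.
FAST_CHECKOUT_WINDOW = timedelta(seconds=2)   # no human completes checkout this fast
MACHINE_PACING = timedelta(milliseconds=100)  # consecutive requests closer than this
SHARED_IP_SESSIONS = 2                        # this many checking-out sessions per IP

LINE_RE = re.compile(r"^(\S+) sess=(\S+) ip=(\S+) (\S+) (\S+)$")


def parse_log(text):
    """Parse log lines into (time, session, ip, method, path), skipping malformed ones."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, sess, ip, method, path = m.groups()
        events.append((datetime.fromisoformat(ts), sess, ip, method, path))
    return sorted(events)  # chronological order, so per-session gaps are meaningful


def flag_sessions(events):
    """Return {session: [signals]} for every session that trips at least one signal."""
    by_session = defaultdict(list)
    checkout_sessions_by_ip = defaultdict(set)
    for ev in events:
        ts, sess, ip, method, path = ev
        by_session[sess].append(ev)
        if path == "/checkout":
            checkout_sessions_by_ip[ip].add(sess)

    add_path = f"/cart/add?sku={TARGET_SKU}"
    findings = {}
    for sess, evs in by_session.items():
        signals = set()
        for i, (ts, _, ip, method, path) in enumerate(evs):
            # Product ID found and carted before the public release.
            if path == add_path and ts < RELEASE_TIME:
                signals.add("pre_release_add")
            # Checkout completed within seconds of the stock going live.
            if path == "/checkout" and RELEASE_TIME <= ts <= RELEASE_TIME + FAST_CHECKOUT_WINDOW:
                signals.add("fast_checkout")
            # Back-to-back requests at machine speed.
            if i > 0 and ts - evs[i - 1][0] < MACHINE_PACING:
                signals.add("machine_pacing")
            # Several checking-out sessions behind the same client IP.
            if len(checkout_sessions_by_ip[ip]) >= SHARED_IP_SESSIONS and sess in checkout_sessions_by_ip[ip]:
                signals.add("shared_ip_checkouts")
        if signals:
            findings[sess] = sorted(signals)
    return findings


if __name__ == "__main__":
    for sess, signals in flag_sessions(parse_log(SAMPLE_LOG)).items():
        print(sess, ", ".join(signals))
```

Run on the constructed log, the two bot sessions are flagged on three and four signals each while the human session is not flagged at all. The signals are deliberately independent, so a reviewer can decide which combinations justify a hold on the order, a challenge, or a refund rather than blocking on any single one.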
Strangelove Skateboards and Nike SB designed and produced a limited release that became a market hit. Many unscrupulous buyers bought the sneakers in bulk using bots, exhausting the stock in seconds, so that a customer wanting a single pair got nothing. The release looked like a farce, and Nike had to look for quick fixes such as in-store ordering and raffle ticketing.
Since the numbers showed that sneaker bots buy faster than any human being, Strangelove and Nike had no option but to stop selling the shoes directly from their e-commerce store and let customers buy a pair through a dealer.
Security measures to fight bots
App shielding and obfuscation
These methods hide information so that neither hackers nor sneaker bots can make sense of it. Obfuscation is achieved by either encryption or tokenization; in tokenization, the data is replaced with tokens from which attackers cannot regenerate or understand the original message.
App shielding is mainly used to protect the app against theft of intellectual property and to preserve privacy, so that attackers cannot work out how the code operates.
However, obfuscation cannot simply be retrofitted to an existing application: the programmer will not change how the application works, and the sneaker bots already understand the application's logic. It is useful mainly when developing new applications whose existence the sneaker bots do not yet know about. For existing applications, methods like app hardening, jailbreak prevention, and anti-tampering are the effective solutions.
App hardening
App hardening is a security technique that prevents hackers from reverse engineering an application to get at its source code. There are two approaches: passive hardening and active hardening.
Passive hardening makes your application more resistant to reverse engineering by static analysis, while active hardening resists both static and dynamic analysis. Dynamic analysis uses tools like debuggers to investigate the behavior of your application at run time. For small organizations that do not handle sensitive data, basic hardening is recommended.
Preventing rooted devices
A jailbroken or rooted device has administrative rights that are normally disabled on mobile operating systems, and that can indicate an attacker intends to use the device to attack your mobile application. To know whether a device is rooted, your app should detect whether rights that are disabled by default have been enabled.
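The check the paragraph calls for is usually a scoring of several indicators rather than one test. The following is an added example, not the article's or any vendor's code: it models the decision logic in Python against constructed device snapshots standing in for what an Android app can observe at run time (file paths, installed packages, build tags, system properties). In a real app these checks would be written in the app's own language and read the device directly; the `su` paths and package names listed are ones commonly associated with root tooling, and the two-indicator threshold is an assumption.

```python
"""Heuristic root/jailbreak indicator check.

Added example for this article, not the author's code. The snapshots are
constructed stand-ins for what an app can observe on the device; the
indicator list and the MIN_INDICATORS threshold are assumptions.
"""

# Well-known locations where root tools install the su binary.
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su", "/data/local/bin/su")
# Package names of widely used root-management apps.
ROOT_MANAGER_PACKAGES = ("eu.chainfire.supersu", "com.topjohnwu.magisk", "com.noshufou.android.su")

# Each indicator is a right or artefact that is disabled or absent on a stock
# device; the order here fixes the order of the returned list.
INDICATORS = [
    ("su_binary", lambda d: any(p in d["files_present"] for p in SU_PATHS)),
    ("root_manager_app", lambda d: any(p in d["installed_packages"] for p in ROOT_MANAGER_PACKAGES)),
    ("test_keys_build", lambda d: "test-keys" in d["build_tags"]),
    ("debuggable_build", lambda d: d["system_props"].get("ro.debuggable") == "1"),
    ("adb_root_allowed", lambda d: d["system_props"].get("ro.secure") == "0"),
    ("writable_system", lambda d: "/system" in d["writable_paths"]),
]

# Requiring more than one indicator keeps a single oddity (for example a
# developer build signed with test keys) from locking out a legitimate user.
MIN_INDICATORS = 2


def root_indicators(snapshot):
    """Return the names of every indicator the snapshot trips, in INDICATORS order."""
    return [name for name, check in INDICATORS if check(snapshot)]


def is_rooted(snapshot):
    """Decide root status from the number of tripped indicators."""
    return len(root_indicators(snapshot)) >= MIN_INDICATORS


# Constructed snapshots (not captured from real devices).
STOCK_DEVICE = {
    "build_tags": "release-keys",
    "files_present": ["/system/bin/sh"],
    "installed_packages": ["com.android.vending", "com.example.store"],
    "system_props": {"ro.debuggable": "0", "ro.secure": "1"},
    "writable_paths": [],
}
DEV_BUILD_DEVICE = {  # only the build signature is unusual
    "build_tags": "test-keys",
    "files_present": ["/system/bin/sh"],
    "installed_packages": ["com.android.vending", "com.example.store"],
    "system_props": {"ro.debuggable": "0", "ro.secure": "1"},
    "writable_paths": [],
}
ROOTED_DEVICE = {
    "build_tags": "test-keys",
    "files_present": ["/system/bin/sh", "/system/xbin/su", "/sbin/su"],
    "installed_packages": ["com.android.vending", "eu.chainfire.supersu", "com.example.store"],
    "system_props": {"ro.debuggable": "1", "ro.secure": "0"},
    "writable_paths": ["/system"],
}

if __name__ == "__main__":
    for label, snap in [("stock", STOCK_DEVICE), ("dev build", DEV_BUILD_DEVICE), ("rooted", ROOTED_DEVICE)]:
        print(f"{label}: rooted={is_rooted(snap)} indicators={root_indicators(snap)}")
```

On the constructed snapshots the stock device trips nothing, the developer build trips only `test_keys_build` and stays below the threshold, and the rooted device trips all six. A client-side check like this can be patched out by whoever controls the device, so it should feed a server-side decision (for example a platform attestation result, as the anti-tampering section below discusses) rather than be the only gate.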
Anti-tampering
Tampering means entering a system you are not authorized to access in order to copy or clone the application or carry out other malicious activity. A cloned application lets an attacker modify its logic to perform fraudulent transactions that benefit them.
Most OSs provide anti-tampering frameworks, such as Android's SafetyNet, that help you protect your app from tampering. (Google has since deprecated the SafetyNet Attestation API in favour of the Play Integrity API.)