JBOH (JavaScript-Binding-Over-HTTP) is a mobile device attack that enables an attacker to execute arbitrary code on a previously compromised device. These attacks are known to be deployed through malicious JBOH Android applications. Applications can be compromised in many ways, and Google attempts to ferret out these forms of attack. However, it is well known that some legitimate-looking Google Play Store applications can contain nefarious attack code that stays hidden in them, undiscovered, for some time.
Source: GlobalKnowledge
Additional Reading: OWASP Top Ten Application Security Risks
Related Terms: Application Security Assessment
What does this mean for an SMB?
While it is true that some applications can contain malicious code hidden within them, it is usually the exception rather than the rule. Furthermore, SMB owners do not employ the security researchers needed to test and filter out such nefarious applications. The truth is sometimes even Google can’t find them!
However, if you're a software development shop, you should train your coders on the OWASP Top 10 risks, which cover common coding security errors. This will reduce the number of security problems in your solutions, saving expensive fixes and patches down the road.
Code Scanning
In addition to training employees on safe and secure coding practices, development firms should consider performing application fuzzing, application security assessments, dynamic code scanning, and static code analysis, using automated tools from code scanning vendors and expert third-party testing firms. These are all reasonable best practices to build into your software development life cycle (SDLC).