Are you ready for Mobile Banking? Security vulnerabilities could lead to identity theft!
How do you feel when you lose or forget your iPhone or Blackberry? I asked my friend Sarah the same question and her response was "I would be ‘techno-stressed' and sit in a corner and cry". Our phones have become an extension of our body - it's something we need to have on us all the time. Smartphone's are all the rage and highly in demand. With the availability of countless number of apps that make everything available at the click of a button; online shopping, micro-blogging, and making financial transactions are much easier. This brings us to look at the future of Smart phones and the vulnerabilities that come with it.
Did you know that Google ships out 60, 000 Android phones every day? Which means they send out 21.9 million every year. These phones are in high demand and critiques predict that the new trend for 2010 will be "Mobile Malware". We've already seen potential malicious mobile apps available via the Apple store and Android Market. Recently, Google removed about 50 apps from their Android Market which also targeted a few financial institutions. Here, at Brand Protect our Incident Response Team removed unauthorized apps from a website targeting our clients. 10, 0000's of new apps are submitted everyday to these popular app stores creating a hot spot for the hacking community, leading to more phishing, malware and identity theft. Mobile banking is also growing throughout the world. Recently Barcelona hosted the GSMA - Mobile World Congress 2010, where YellowPepper a leading provider of mobile financial services in Latin American announced the launch of YellowPepper Mony. "YellowPepper Mony enables financial institutions and corporate clients to deliver secure, convenient and easily accessible financial services to consumers, such as mobile money transfers, international remittances, mobile bill payments and pre-paid cell phone service". This signifies that mobile banking is going to spread fast throughout the world - fraudsters, phishers and malware authors are already putting on their "thinking caps" ; thinking of ways to turn banking services offered on mobile phones into cash for themselves. While mobile banking is still in its infancy in North America, we know that it will grow fast. CIBC is already one of the first banks in Canada to offer a mobile banking app for the iPhone. Although, Canada has a slower adoption rate for mobile banking; as more banks jump the bandwagon, the masses will follow.
This also brings us to look at the open source market available for application developers. For instance, Google and Apple are open to anyone and many critiques fear the deficiencies in the testing process which could bypass malware apps. Apple does require that all apps sold in the store are verified and signed by them which give them the power to withdraw the certificate so no one can install it anymore. However, with Apple there is also the risk of "jail breaking" which allows iPhone and iTouch users to run any code on their device without authorization from Apple. Once your iPhone or iTouch is "jailbroken", you can download apps from anywhere - this could lead to malicious content installed on to your phone that can steal all your personal information. Moreover, the vulnerability with the Google Android market is that it allows users to self-sign the code "with their own home generated certificates". As a result, this also poses security risks as the status is only checked upon installation, so once you install a bad app on your phone Google can't take it back.
As we all become dependent on our phones to check our email, make financial transactions, and shop online our "user behavior" also changes. Just like the internet, mobile phones have also become a "social device" which makes people more vulnerable to security risks. Do people pay the same attention when opening an email or downloading something on their computer VS their mobile phone?
Smartphone users beware - Make No Assumptions, ensure Physical Security - don't leave your phone lying around and be Mindful of Malware.