Don’t move your wallet onto your phone yet
TweetFollow Us on Twitter

Don’t move your wallet onto your phone yet

Mobile banking on Android phones could put consumers at risk of fraud and cost banks millions a year global IT security firm MWR InfoSecurity has warned.

MWR Labs, the research arm of MWR InfoSecurity, investigated the security standards of leading Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile devices phones for online banking. Recent research has shown that Android is now the leading phone platform with over 50% market share, driving the development of mobile banking apps for the Android Environment. Results indicated that on some handsets as many as 64% of manufacturer added applications were exposing users to serious security issues.

"We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud," Harry Grobbelaar, MWR’s managing director in South Africa, said. "Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher."

More to the point, the increasing number of merchants moving to smartphone based Point of Sale (POS) devices, for example using Bluetooth or directly connected chip-and-pin accessories for iPhone or Android, indicates that mobile phones will become a critical element in the payment chain and if not adequately protected, they could introduce additional risks for card fraud that could cost banks millions a year.

The above findings were illustrated by the ruling on HTC by the Federal Trade Commission in the United States on Feb. 22 that required immediate action by HTC to address security weaknesses in the software developed for its mobile devices that allowed location tracking and the theft of personal information stored on users phones.

The MWR Labs looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.

The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user. These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised. Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.

Grobbelaar adds: "The move by consumers away from PCs for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years. We have already seen many examples of malicious apps sending premium rate text messages and expect there will be a natural progression to higher value areas such as payments and banking."
MWR InfoSecurity supplies services which support clients in identifying, managing and mitigating their Information Security risks."
 

 
AAPL
$95.01
Apple Inc.
+0.99
GOOG
$682.74
Alphabet Inc.
-0.83
MSFT
$49.41
Microsoft Corporation
-0.75
MacNews Search:
Community Search:
view counter

view counter
view counter
view counter
view counter
view counter
view counter

Check out the new Pirate Attack update i...
Love pirates and board games? Well, you'll love the new Pirate Attack themed update that just launched in Game of Dice. It adds a bunch of new content themed around pirates, like an all new event map based on a pirate ship which revamps the toll system to better suit the rogueish nature of the seafarers. [Read more] | Read more »
Splash Cars guide - How to paint the tow...
Splash Cars is an arcade driving game that feels like a hybrid between Dawn of the Plow and Splatoon. In it, you'll need to drive a car around to repaint areas of a town that have lost all of their color. Check out these tips to help you perform with flying colors: [Read more] | Read more »
The best video player on mobile
We all know the stock video player on iOS is not particularly convenient, primarily because it asks us to hook a device up to iTunes to sync video in a world that has things like Netflix. [Read more] | Read more »
Four apps to help improve your Super Bow...
Super Bowl Sunday is upon us, and whether you’re a Panthers or a Broncos fan you’re no doubt gearing up for it. [Read more] | Read more »
LooperSonic (Music)
LooperSonic 1.0 Device: iOS Universal Category: Music Price: $4.99, Version: 1.0 (iTunes) Description: LooperSonic is a multi-track audio looper and recorder that will take your loops to the next level. Use it like a loop pedal to make loops, and then arrange those loops into complete songs with cut, copy, trim, paste, reverse,... | Read more »
Space Grunts guide - How to survive
Space Grunts is a fast-paced roguelike from popular iOS developer, Orange Pixel. While it taps into many of the typical roguelike sensibilities, you might still find yourself caught out by a few things. We delved further to find you some helpful tips and tricks on surviving as long as possible. [Read more] | Read more »
Dreii guide - How to play well with othe...
Dreii is a rather stylish and wonderful puzzle game that’s reminiscent of cooperative games like Journey. If that sounds immensely appealing, then you should immediately get cracking and give it a whirl. We can offer you some tips and tricks on getting started too! [Read more] | Read more »
Kill the Plumber World guide - How to ou...
You already know how to hop around like Mario, but do you know how to defeat him? Those are your marching orders in Kill the Plumber, and it's not always as easy as it looks. Here are some tips to get you started. This is not a seasoned platform player [Read more] | Read more »
Planar Conquest (Games)
Planar Conquest 1.0 Device: iOS Universal Category: Games Price: $12.99, Version: 1.0 (iTunes) Description: IMPORTANT: Planar Conquest is compatible only with iPad 3 & newer devices, iPhone 5 & newer. It’s NOT compatible with iPhone 4, iPad 2 and earlier devices. | Read more »
We talk to Cheetah Mobile about its plan...
Piano Tiles 2 is a fast-paced rhythm action high score chaser out now on iOS and Android. You have to tap a series of black tiles that appear on the screen in time to the music, being careful not to accidentally hit anywhere else. Do that and it's game over. [Read more] | Read more »
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.