Don’t move your wallet onto your phone yet
TweetFollow Us on Twitter

Don’t move your wallet onto your phone yet

Mobile banking on Android phones could put consumers at risk of fraud and cost banks millions a year global IT security firm MWR InfoSecurity has warned.

MWR Labs, the research arm of MWR InfoSecurity, investigated the security standards of leading Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile devices phones for online banking. Recent research has shown that Android is now the leading phone platform with over 50% market share, driving the development of mobile banking apps for the Android Environment. Results indicated that on some handsets as many as 64% of manufacturer added applications were exposing users to serious security issues.

"We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud," Harry Grobbelaar, MWR’s managing director in South Africa, said. "Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher."

More to the point, the increasing number of merchants moving to smartphone based Point of Sale (POS) devices, for example using Bluetooth or directly connected chip-and-pin accessories for iPhone or Android, indicates that mobile phones will become a critical element in the payment chain and if not adequately protected, they could introduce additional risks for card fraud that could cost banks millions a year.

The above findings were illustrated by the ruling on HTC by the Federal Trade Commission in the United States on Feb. 22 that required immediate action by HTC to address security weaknesses in the software developed for its mobile devices that allowed location tracking and the theft of personal information stored on users phones.

The MWR Labs looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.

The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user. These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised. Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.

Grobbelaar adds: "The move by consumers away from PCs for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years. We have already seen many examples of malicious apps sending premium rate text messages and expect there will be a natural progression to higher value areas such as payments and banking."
MWR InfoSecurity supplies services which support clients in identifying, managing and mitigating their Information Security risks."
 

 
AAPL
$128.86
Apple Inc.
+0.40
GOOG
$560.33
Google Inc.
+1.93
MSFT
$43.88
Microsoft Corpora
+0.03
MacNews Search:
Community Search:
view counter

view counter
view counter
view counter
view counter
view counter
view counter

The first ever action 3D card battler Al...
On the other hand, you probably haven’t played an action 3D card battler – until now. Step forward, All Star Legion. All Star Legion is a 3D QTE-based action RPG card battler, but fear not – the game itself isn’t as convoluted as its description. You collect over thirty heroes to train and summon into battle with you, first deciding on the timing... | Read more »
Travel Back to the 1980s With the Making...
Headup Games has released a hilarious making of video for its upcoming title, Pixel Heroes: Byte & Magic. The game is a RPG/Roguelike where you control three heroes set to save the township of Pixton from an evil cult called The Sons of Dawn. They’re going to summon up some ancient, terrible god so you had better work fast to thwart the cult’s... | Read more »
Heavenstrike Rivals Review
Heavenstrike Rivals Review By Campbell Bird on March 2nd, 2015 Our Rating: :: HEAVENLY STRATEGICUniversal App - Designed for iPhone and iPad Despite a few flaws, this free-to-play strategy game is a fun mix of new and old strategy formulas.   | Read more »
Get The Whole Story – Lone Wolf Complete...
Get The Whole Story – Lone Wolf Complete is Now Available and On Sale Posted by Jessica Fisher on February 27th, 2015 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Who Wore it Best? The Counting Dead vs....
Like it or not, the “clicker” genre, popularized by cute distractions like Candy Box and Cookie Clicker, seems like it’s here to stay. So Who Wore it Best? takes a look at two recent examples: The Counting Dead and AdVenture Capitalist. | Read more »
Card Crawl, the Mini Deck Building Game,...
Card Crawl, the Mini Deck Building Game, is Coming Soon Posted by Jessica Fisher on February 27th, 2015 [ permalink ] Tinytouchtales and Mexer have announced their new game, | Read more »
Witness an all new puzzle mechanic in Bl...
Well, BlastBall MAX is not one of those games and is bucking trends such as timers, elements of randomness, and tacked-on mechanics in favor of pure puzzle gameplay. When you first boot up the game you’ll see a grid made up of squares that are each filled with four circle-shaped holes in it, and some of those holes will have yellow balls sitting... | Read more »
This Princess Has a Dragon and She isn’t...
This Princess Has a Dragon and She isn’t Afraid to Useit. | Read more »
Mecha Showdown Review
Mecha Showdown Review By Lee Hamlet on February 27th, 2015 Our Rating: :: IN A SPINUniversal App - Designed for iPhone and iPad Mecha Showdown replaces traditional buttons with a slot machine mechanic in this robot fighting game, but the thrill of the gamble just isn’t there.   | Read more »
Reliance Games and Dreamworks Unveil Rea...
Reliance Games and Dreamworks Unveil Real Steel Champions Posted by Ellis Spice on February 27th, 2015 [ permalink ] Reliance Games and Dreamworks have announced that a third game in | Read more »
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.