Don’t move your wallet onto your phone yet
TweetFollow Us on Twitter

Don’t move your wallet onto your phone yet

Mobile banking on Android phones could put consumers at risk of fraud and cost banks millions a year global IT security firm MWR InfoSecurity has warned.

MWR Labs, the research arm of MWR InfoSecurity, investigated the security standards of leading Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile devices phones for online banking. Recent research has shown that Android is now the leading phone platform with over 50% market share, driving the development of mobile banking apps for the Android Environment. Results indicated that on some handsets as many as 64% of manufacturer added applications were exposing users to serious security issues.

"We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud," Harry Grobbelaar, MWR’s managing director in South Africa, said. "Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher."

More to the point, the increasing number of merchants moving to smartphone based Point of Sale (POS) devices, for example using Bluetooth or directly connected chip-and-pin accessories for iPhone or Android, indicates that mobile phones will become a critical element in the payment chain and if not adequately protected, they could introduce additional risks for card fraud that could cost banks millions a year.

The above findings were illustrated by the ruling on HTC by the Federal Trade Commission in the United States on Feb. 22 that required immediate action by HTC to address security weaknesses in the software developed for its mobile devices that allowed location tracking and the theft of personal information stored on users phones.

The MWR Labs looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.

The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user. These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised. Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.

Grobbelaar adds: "The move by consumers away from PCs for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years. We have already seen many examples of malicious apps sending premium rate text messages and expect there will be a natural progression to higher value areas such as payments and banking."
MWR InfoSecurity supplies services which support clients in identifying, managing and mitigating their Information Security risks."
 

 
AAPL
$106.98
Apple Inc.
-0.36
GOOG
$550.31
Google Inc.
+0.98
MSFT
$46.05
Microsoft Corpora
-0.57
MacNews Search:
Community Search:

Latest Forum Discussions

See All
view counter

view counter
view counter
view counter
view counter
view counter
view counter

SAS: Zombie Assault 4 Review
SAS: Zombie Assault 4 Review By Jennifer Allen on October 30th, 2014 Our Rating: :: FLAWED SHOOTERUniversal App - Designed for iPhone and iPad Shoot everything that moves in this fun, if flawed, twin-stick shooter.   | Read more »
Naailde the Witch Review
Naailde the Witch Review By Amy Solomon on October 30th, 2014 Our Rating: :: PITCH-PERFECT STORYTELLINGUniversal App - Designed for iPhone and iPad Marvelous storytelling, narration, and moving illustrations make this storybook worth a download.   | Read more »
1st & Goal Review
1st & Goal Review By Andrew Fisher on October 30th, 2014 Our Rating: :: FOR THE D&D LOVING QBUniversal App - Designed for iPhone and iPad 1st & Goal is a board gamer’s football game, a football fan’s board game, and well worth a look.   | Read more »
French Developer Pated Unveils Seashine
French Developer Pated Unveils Seashine Posted by Ellis Spice on October 30th, 2014 [ permalink ] French one-man studio Pated has unveiled Seashine, “a poetic journey into the abyss.” Players take on the role of a jellyfish strugglin | Read more »
Agents of Storm: Tips, Tricks, and Strat...
Calling all agents: Would you like to see what we thought of this rather pretty base builder? Check out our Agents of Storm review! Have you downloaded Agents of Storm, been bowled over by the graphics, and aren’t quite sure what to do next? Never fear, for we’re here with some handy tips and tricks to help any beginner get started!   Diamonds Are... | Read more »
Any.DO 2.0 Hopes to Help Manage Producti...
Any.DO 2.0 Hopes to Help Manage Productivity Posted by Ellis Spice on October 30th, 2014 [ permalink ] iPhone App - Designed for the iPhone, compatible with the iPad | Read more »
Base Busters Review
Base Busters Review By Jennifer Allen on October 30th, 2014 Our Rating: :: FUN BUT RESTRICTED MIXUniversal App - Designed for iPhone and iPad Mixing up two forms of tower defense gaming and collectible cards, Base Busters is a fun mix that’s restricted by freemium elements.   | Read more »
Sumptus - Personal Expense Tracker in Yo...
Sumptus - Personal Expense Tracker in Your Pocket 1.0 Device: iOS iPhone Category: Finance Price: $3.99, Version: 1.0 (iTunes) Description: Sumptus - a personal finance assistant in your pocket. It’s an ultimate expense tracker designed to add expenses quickly and simplify your budget management. | Read more »
Meat Factory (Games)
Meat Factory 0.1 Device: iOS Universal Category: Games Price: $.99, Version: 0.1 (iTunes) Description: Meat factory harks back to the old days of the game and watch. Easy to pick up and play, but hard to score big. With cute visuals, simple controls and a retro music, Meat Factory is addictive and nostalgic. | Read more »
Medford Asylum: Paranormal Case - Hidden...
Medford Asylum: Paranormal Case - Hidden Object Adventure (Full) 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: Uncover the mystery of Medford City asylum! | Read more »
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.