Online Banking: Mobile Targets

Money transactions are much less secure than on the PC on the mobile phone. Who still wants to use its Smartphone for financial transactions, you must take precautions.
Mid-October last year Erlangen, what users of online banking apps for cell phones the most fear managed two researchers of the University: the two software specialists could intercept financial transactions, which ran the Sparkassen-apps, and manipulate. Although this vulnerability is now corrected. But the hack indicates how unsafe the Smartphone software from banks is generally.

It is all the more alarming, that more and more banks offer purely app-based banking procedures. In addition to the actual program, the users of such systems need to download still a password protected additional app. This generates the appropriate transaction number (TAN). Touch the main app takes over the number.


The task to be comfortable – but unfortunately that comes at the cost of security. Protection from spyware attacks is for online banking in General that the user knows his personal identification number (PIN) and receives for each additional still a TAN. Usually, PIN and TAN land on two different devices. For example, the user logs in with his PIN on the computer and will also receive the TAN by SMS to the mobile phone.
“The problem with the apps is that the authentication only on a device takes place. The user blocking thus itself out”an important part of the safety precautions, says Marc survive the digital Association BITKOM. Hackers use it to spy on the access data. Because Android has its German market share for years at more than 70 percent, the operating system is a popular destination.
Usually, vulnerabilities in the OS and the apps facilitate the attacks. 17 percent of all Android apps as malware, malicious code that is classified by the software company Symantec. But also other systems such as iOS are exposed to hacker attacks. So iOS apps that were infected with XcodeGhost, collect device information. This data encrypted malicious software and uploads them to a server operated by criminals. There are more than 4000 infected apps in the app store.
Hackers try first execute their malicious code attacks and then to extend the privileges of the Trojan to remotely control the phone. “A hacker has root privileges, once it’s over with the security. Through this full permission he can extract all data”, warns Philipp Buchegger from the IT security company SySS testing apps on possible attacks. “Although banks implement numerous cryptographic techniques in their apps, which should discover an attack on the Smartphone, hackers modify however so that everything looks reasonably normal phones. The app itself recognizes therefore. no change” Users also noticed mostly none of the manipulation.
Virus scanner designed to protect against such attacks. They have only restricted access rights and not see what is happening in other protected environments in the mobile, such as encrypted online banking apps. And often the processor for detailed testing is too weak, the battery to quickly empty. Therefore, anti virus apps scan only E-mail attachments.
So what to do? To work around the TAN system, some apps can authorize even biometric transactions on the mobile phone for over a year: A fingerprint is enough. However, this procedure also has hooks. “Biometrics works just as good as the sensors on the mobile phone. It held only a similarity analysis and not a full comparison. “Because the skin is constantly changing,” warns security researcher Buchegger. The difficult is therefore to find the correct tolerance limit. The procedure is too vague, it works even with high similarity and is relatively easy to manipulate. It is too well’s deny access the right eventually.
Keep as the only way out: users of online banking apps need to hedge their financial transactions through a second channel. To create the TAN, they should employ about – usual – a bank card as in banking transactions on the PC, a crypto is now by default integrated into the. That makes the process more complicated, but is regarded among computer experts as relatively safe to attack. (Michael Sudahl)

Gallery

Russian Banking app malware goes social Targets multiple …

Russian Banking app malware goes social Targets multiple ...

Source: www.informationsecuritybuzz.com

Swiss BPC banking software SmartVista is vulnerable to SQL …

Swiss BPC banking software SmartVista is vulnerable to SQL ...

Source: securityaffairs.co

Banks warn of New Android Mobile Malware

Banks warn of New Android Mobile Malware

Source: www.banknomics.com

Public Bank of Malaysia Phished

Public Bank of Malaysia Phished

Source: blog.trendmicro.com

Sony Updates WALKMAN App for Xperia Devices with Folder …

Sony Updates WALKMAN App for Xperia Devices with Folder ...

Source: mobile.softpedia.com

Scamming targets ‘go ahead with purchases despite knowing …

Scamming targets 'go ahead with purchases despite knowing ...

Source: business-reporter.co.uk

Identity Fraud Hits All Time High With 16.7 Million U.S …

Identity Fraud Hits All Time High With 16.7 Million U.S ...

Source: www.javelinstrategy.com

Banking on your phone or computer: which is safer …

Banking on your phone or computer: which is safer ...

Source: www.marketwatch.com

How PayPal revolutionised online paying

How PayPal revolutionised online paying

Source: www.betting-sites.org

Pick n Pay targets online growth in Gauteng with a new …

Pick n Pay targets online growth in Gauteng with a new ...

Source: businesstech.co.za

EU 2020 energy targets: public opinion 2015

EU 2020 energy targets: public opinion 2015

Source: www.statista.com

infographic

infographic

Source: paymentsafrika.com

HSBC banking app not working: Mobile and internet banking …

HSBC banking app not working: Mobile and internet banking ...

Source: www.express.co.uk

Sales Director Resume Sample

Sales Director Resume Sample

Source: www.monster.com

How User Personas Can Improve Your SEO Strategy

How User Personas Can Improve Your SEO Strategy

Source: blog.kissmetrics.com

UBL Funds Manager Jobs August 2018

UBL Funds Manager Jobs August 2018

Source: www.careerjoin.com

LulzSec hackers at “cutting edge” of cyber crime

LulzSec hackers at “cutting edge” of cyber crime

Source: businesstech.co.za

Target Data Breach Can Be Opportunity for Banks

Target Data Breach Can Be Opportunity for Banks

Source: thefinancialbrand.com

Cyber Crime Now Targets Mobile Users

Cyber Crime Now Targets Mobile Users

Source: www.pepqa.org

Dyre malware targets millions of Salesforce users …

Dyre malware targets millions of Salesforce users ...

Source: www.hotforsecurity.com