Money transactions on the mobile phone are much less secure than on the PC. Anyone who still wants to use their smartphone for financial transactions must take precautions.
In mid-October last year, two researchers at the university in Erlangen managed what users of online banking apps for cell phones fear most: the two software specialists were able to intercept and manipulate financial transactions that ran through the Sparkassen apps. This vulnerability has since been corrected. But the hack indicates how unsafe banks' smartphone software generally is.
It is all the more alarming that more and more banks offer purely app-based banking procedures. In addition to the actual program, users of such systems need to download a password-protected additional app. This generates the appropriate transaction number (TAN). At a touch, the main app takes over the number.
This is meant to be convenient, but unfortunately that comes at the cost of security. In online banking, protection against spyware attacks generally rests on the user knowing his personal identification number (PIN) and additionally receiving a TAN each time. Usually, PIN and TAN land on two different devices. For example, the user logs in with his PIN on the computer and receives the TAN by SMS on the mobile phone.
“The problem with the apps is that the authentication takes place on only one device. The user thus blocks out an important part of the safety precautions himself,” says Marc survive of the digital association BITKOM. Hackers use this to spy on the access data. Because Android's German market share has been more than 70 percent for years, the operating system is a popular target.
Usually, vulnerabilities in the OS and the apps facilitate the attacks. The software company Symantec classifies 17 percent of all Android apps as malware, that is, malicious code. But other systems such as iOS are also exposed to hacker attacks. For instance, iOS apps that were infected with XcodeGhost collect device information. The malicious software encrypts this data and uploads it to a server operated by criminals. There are more than 4000 infected apps in the App Store.
Hackers first try to execute their malicious code and then to extend the privileges of the Trojan in order to remotely control the phone. “Once a hacker has root privileges, it’s over with the security. Through this full permission he can extract all data,” warns Philipp Buchegger from the IT security company SySS, which tests apps for possible attacks. “Although banks implement numerous cryptographic techniques in their apps that are supposed to detect an attack on the smartphone, hackers modify the phones so that everything looks reasonably normal. The app itself therefore recognizes no change.” Users, too, mostly notice nothing of the manipulation.
Virus scanners are designed to protect against such attacks. However, they have only restricted access rights and cannot see what is happening in other protected environments on the phone, such as encrypted online banking apps. And often the processor is too weak for detailed testing and the battery empties too quickly. Therefore, antivirus apps scan only e-mail attachments.
So what to do? To get around the TAN system, some apps have for over a year been able to authorize transactions biometrically on the mobile phone: a fingerprint is enough. However, this procedure also has its catches. “Biometrics works just as well as the sensors on the mobile phone. Only a similarity analysis is carried out and not a full comparison, because the skin is constantly changing,” warns security researcher Buchegger. The difficulty is therefore to find the correct tolerance limit. If the procedure is too vague, it works even with a high degree of similarity and is relatively easy to manipulate. If it is too exact, it will eventually deny access to the right person.
That leaves only one way out: users of online banking apps need to secure their financial transactions through a second channel. To create the TAN, they should use, for instance, a bank card, as is usual in banking transactions on the PC, a crypto is now by default integrated into the. That makes the process more complicated, but it is regarded among computer experts as relatively safe from attack. (Michael Sudahl)