You see all the commercials about mobile device apps? Nowadays it seems just about everyone has an
app for just about anything.
So what does this have to do with security? Well, it appears
that there have been some malicious apps that target the financial industry.
Google has removed a number of malicious apps this past December.
This is a phishing derivative which gets the victim to
voluntarily download the app from a well-known app provider such as Google,
Apple, Research in Motion, Palm, and others instead of redirecting them to a
fraudulent URL. Once the app is downloaded and executed, the application can
collect personal and financial information entered by the mobile subscriber, or
collect sensitive data that resides on the mobile device. App stores are
working to validate these programs, but with the popularity and quantity of
apps, some will get through unchecked. There are several reasons
why this will get worse before it gets better.
Financial institutions are pushing for additional services
for mobile banking. As they add more transaction-based services, there is
additional information for the fraudsters to get. Currently, in most mobile
banking apps, for example, they can only get your balance and last five transactions.
When they add transactions like the ability to move money between accounts, additional
account numbers and passwords will be exposed to theft.
The people committing the fraud are very aware of mobile
capabilities. A malicious app could go undetected for long periods of time.
When it is noticed and determined to be malicious, it could take longer to notify
those affected and get them to uninstall it.
Most people are not ready for mobile app fraud. Criminals will prey on the naivety of mobile
subscribers who believe the apps they are using are legitimate (perhaps because
of the reputation of the place from which they downloaded it).
How do you prevent yourself from becoming a victim? One way
is to be very suspicious of apps that require sensitive information, such as a
Social Security number or account number(s), in order to be used. You could contact your
financial institution and see if they have validated the app to accomplish the
same function (perhaps downloadable from the institution’s own web site).
Read the full article “Fraudulent mobile applications
will threaten mobile banking security” here.