Consider this scenario: it is Saturday morning, the beginning of your weekend, and you are lazing around enjoying a hot cup of tea… and in comes your better half with a list of bills to pay and grocery and clothes shopping for you to finish! Is your weekend ruined? Not really, because your handy smartphone, with its many useful applications, lets you finish all these tasks online within minutes… but were your transactions secure? 90% of the top mobile banking applications have been found to have serious security flaws. According to Consumers and Mobile Financial Services 2014, mobile usage saw a huge increase in 2013, with 87% of the US population registering as mobile users, of whom 61% used smartphones. But only 45% of these were comfortable using their phones for financial transactions, owing to the fear of phone hacking or of their apps being infected by malware or viruses. Securing your mobile applications is no longer an option but a necessity.

Recent threats to mobile applications

Unfortunately, their fear is not baseless. A recently discovered malicious Android application, HijackRAT, is the latest in the list of OS malware targeting mobile banking users. This newest entrant binds together old and new hijacking techniques into a single piece of advanced malware and masks itself as a “Google Service Framework.” The malicious application combines private data theft, banking credential theft and spoofing, and remote access in a single unit, as opposed to traditional malware, which can perform only one of these functions.

HijackRAT Malware’s features

This highly advanced malware hands control of the infected device over to the hackers and:

  1. Hijacks SMS messages and contacts: it can retrieve and send them.
  2. Activates installation and updates of malicious applications.
  3. Scans the infected device for legitimate banking applications and replaces them with fake ones.

The presence of such malware acts as a deterrent for mobile users. Concern over the security of the technology is high among them, and a mere 2% believe that mobile banking is “very safe”.

Can you be mobile as well as secure?

Being aware of the different mobile security issues can help you look for solutions that prevent them. The most common ways in which a device gets infected with malware are bad apps, malicious websites, fake links on social networking sites, spurious messages and insecure network connections. Simple steps can protect you against malware:

  1. Be careful where you download apps from. Applications should be downloaded only from official app stores.
  2. When downloading an app, read the permissions it requires you to accept, as many apps will ask to access your address book and share it with third parties. It’s best to avoid such apps.
  3. Be careful of typing errors on your phone; you can fall victim to URL hijacking, for example by typing www.adcbank.com instead of abcbank.com. (Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting that relies on mistakes such as typographical errors made by users when entering a website address; cybercriminals take advantage of these to send you to a malicious website.)
  4. When surfing the internet, do not click on suspicious links, especially on social networks, where enticing links to certain videos may lure you to a malicious page.
  5. Never respond to a message on your phone that comes from an unknown number. Delete such messages and do not click on any included links.
  6. Free Wi-Fi… yes please! The prospect of using a freely available hotspot in a public place is very tempting, but an insecure network that transmits your data without encryption will definitely put your device at risk. Data transmitted in this manner can easily be accessed by a cybercriminal, and your passwords and personal information will all be at his or her mercy.
  7. For enterprises: Mobile application security is of paramount importance. Sign up with a comprehensive mobile application security penetration testing solution, which will scan and protect your applications from malware and vulnerabilities. This will ensure that you are notified of any malicious element lurking in your apps before it harms your customers’ data.
  8. For consumers: Ensure that the apps your bank or e-commerce vendor provides to you are properly tested and secure. Install software updates from your OS provider promptly.
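The URL hijacking described in step 3 can be checked for mechanically. The following is an added example, not part of the original article: a Python check that flags a typed address whose hostname is a near miss of a trusted domain. The allowlist, the function names and the distance threshold are assumptions; abcbank.com and adcbank.com are the article's own sample names.

```python
from urllib.parse import urlsplit

# Constructed allowlist; abcbank.com is the article's sample bank domain.
TRUSTED_DOMAINS = {"abcbank.com", "example-shop.com"}


def hostname_of(typed: str) -> str:
    """Normalise what a user typed into a bare lowercase hostname."""
    if "//" not in typed:
        typed = "//" + typed  # lets urlsplit treat the input as a network location
    host = (urlsplit(typed).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Insert, delete, substitute and adjacent-swap each cost 1 (optimal string alignment)."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swapped pair
    return rows[len(a)][len(b)]


def classify(typed: str, max_distance: int = 2):
    """Return ("trusted" | "lookalike" | "unknown", closest trusted domain or None)."""
    host = hostname_of(typed)
    if host in TRUSTED_DOMAINS:
        return ("trusted", host)
    best = min(TRUSTED_DOMAINS, key=lambda d: edit_distance(host, d))
    if host and edit_distance(host, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)
```

Edit distance only catches slips such as a wrong, missing, extra or swapped character; lookalike subdomains and visually similar Unicode characters need separate checks.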


Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO at Indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to initial customers with a proven, validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and held various management/leadership roles in Product Development, Professional Services and Sales at Entrust.