Smartphones
are now a serious target for cybercriminals, with 100% of the top 100
Android apps having been hacked in the past year. Hackers now
specifically target financial apps, such as those used by banks – with
53% of Android banking apps having been cracked, and 23% of iOS apps,
according to a report by app security company Arxan.
Such ‘hacked’ apps are often distributed through unofficial stores
such as Cydia, or via torrent sites – and some have been downloaded
hundreds of thousands of times, Arxan said.
“Pirated versions of popular software are available on
numerous unofficial app stores like Cydia, app distribution sites,
hacker/cracker sites and file download and torrent sites,” said Morgan.
“During our research we discovered that some of the hacked
versions have been downloaded over half a million times which gives a
sense of the magnitude of the problem especially as we embark upon a
season of high consumer activity that will involve payment transactions,
and consumption of products and services via the mobile,” Kevin Morgan,
chief technology officer at Arxan, said in an interview with The
Telegraph.
“Mobile financial apps are very fallible,” the report said.
“Financial services app owners will commonly deploy on multiple mobile
platforms to ensure their new mobile services can reach the majority of
their total customer base. Evident in this finding, is that these
innovative apps are likely targets of hackers as these apps may support
monetary transactions. This high-risk category, especially with regards
to mobile banking and payment applications, requires extra vigilance.”
PC World
commented, “Hackers often target financial apps, and with good reason.
If criminals can get between you and your bank, they have access to your
account numbers, passwords, and other useful information. They can
easily turn your money into their money.”
While the greatest risks came from apps acquired via torrent sites, unofficial stores and other semi-legitimate sources, Android users could be fooled into downloading “modified” apps even from the official Google Play store, Arxan warned, according to The Guardian’s report.
“Google Play isn’t a vetted app store – it tends to have a
lot of cruft,” said Morgan. “Whereas in the Apple Store you’re almost
certain to see just legitimate apps.”
Morgan said it would be “easy” to insert an app entitled “Bank of
America” into Google’s store. The research was based on data accessed in
October 2013, and the Top 100 Paid app lists on Apple App Store and
Google Play. The researchers also analyzed 20 popular financial apps for
each platform.
The researchers said that the fragmented nature of Android,
and the huge number of devices at low price points, “clearly underlines
that Android is the more insecure operating system. Hackers can more
readily target a fragmented, and open Android ecosystem to insert malware
into the Google Play Store. Specifically, the majority of Android
devices will not be able to receive new security measures provided by
Google, which results in users being vulnerable to even known threats.”
ESET Senior Research Fellow Righard J. Zwienenberg
commented in a post earlier this year, “The biggest problem for
consumers is the enormous number of old phones running Android that are
still in use, for which the operators will not release a new version.
Regardless of whether Google releases patches for these versions, the
phones will remain vulnerable.”
Financial watchdogs have warned that the growing use of banking apps
poses a serious threat to banks and their customers, as reported by We
Live Security earlier this year.
“For firms to successfully provide mobile banking services
to their customers, they will be dependent on IT systems, technical
expertise and detailed knowledge of the payments system.
Many of the firms entering this market are using the specialised services of outsourcing partners,” the FCA
said. “This leads to the risk that there may be a chain of companies
involved in a customer’s transaction, resulting in a greater likelihood
of a problem occurring.”