Topics:

Mobile banking is not for the unwary

Tools


Mobile banking is fast becoming a reality as European smartphone penetration continues to rise. Operators are also keen to exploit the service in the hope that it will reduce churn and provide them with some additional revenue.

Of note, Deutsche Telekom CEO Rene Obermann recently confirmed that the company is actively looking at m-banking, while its rival Vodafone is pushing ahead with the expansion of its M-Pesa service, and has also recently announced a partnership to launch M-Pesa in India with the giant Icici Bank.

There are numerous partnership deals involving European mobile operators and banks--there may actually be a confusing amount--that have already been launched, or are being readied. What seems to be clear is that operators and banks want to connect you to your funds quicker, more accurately and efficiently than ever before.

However, it also seems that the criminal fraternity lurking out in the market also wants to be connected to your mobile money, as well.

Smartphone owners are being targeted by increasingly sophisticated mobile malware as cybercriminals turn their attention to this lucrative new source of cash, according to a new study conducted by AVG Technologies.

The company claims that the cybercriminals now have ready access to commercialised malware, with the "Blackhole Toolkit" being the most frequently seen.

In August, AVG's threat labs identified a sudden increase in the use of the Blackhole Exploit kit to target popular social networks, leaving users unable to log- n to their accounts or access any games or apps. The attack was co-ordinated from multiple external advertising servers, which generated an exceptional increase from 250,000 attacks to over 1.6 million recorded events within an eight-hour period.

Of more concern to m-banking users is Zitmo, better known as "man-in-the-mobile" malware, which specifically aims to bypass the two-factor authentication process used by many online banking services.

AVG said that an updated version of Zitmo has been spotted recently in which the malware targeted German m-banking users. In this attack, Transaction Authentication Numbers (TAN) were used as a one-time password to authorise financial transactions. The mobile TAN system is used by banks in countries including Austria, Germany, Spain, Switzerland, the UK and the United States.

The effort and technical skills needed by cybercriminals to achieve this level of penetration are likely to be considerable, but I would guess they don't commit resources unless the returns are achievable and significant.

Yet smartphone owners seem aware of this threat.

New research from Metaforic reveals that nearly 70 per cent of mobile device owners who have not adopted financial apps are holding back due to security fears. This is perhaps not too surprising given that Android malware is increasing at over 1,000 per cent per year, and the latest iPhone software, iOS 6, was hacked even before release.

For smartphone owners, it might pay to be a little cautious.--Paul