Interested in Advertising? Black Engineer provides black technology news and information about black engineering, black entrepreneurs, black technology, black engineers, black education, black minorities, black engineer of the year awards (BEYA) and historically black colleges and universities (HBCU) from black community in US, UK, Caribbean and Africa. Find out more about your reader demographics, web-traffic, and valued added client services. Click here to contact us
Mobile banking on Android phones could put consumers at risk of fraud and cost banks millions a year global IT security firm MWR InfoSecurity has warned on the final day of the Mobile World Congress held in Barcelona.
MWR Labs, the research arm of MWR InfoSecurity, investigated the security standards of leading Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile devices phones for online banking. Recent research has shown that Android is now the leading phone platform with over 50% market share, driving the development of mobile banking apps for the Android Environment. Results indicated that on some handsets as many as 64% of manufacturer added applications were exposing users to serious security issues.
Harry Grobbelaar, MWRís Managing Director in South Africa, said: ďWe found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud.Ē
He added: ďSome of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher.Ē
More to the point, the increasing number of merchants moving to smartphone based Point of Sale (POS) devices, for example using Bluetooth or directly connected chip-and-pin accessories for iPhone or Android, indicates that mobile phones will become a critical element in the payment chain and if not adequately protected, they could introduce additional risks for card fraud that could cost banks millions a year.
The above findings were illustrated by the ruling on HTC by the Federal Trade Commission in the United States on February 22nd that required immediate action by HTC to address security weaknesses in the software developed for its mobile devices that allowed location tracking and the theft of personal information stored on users phones.
The MWR Labs looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.
The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user. These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised.
Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.
Grobbelaar said: "The move by consumers away from PC's for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years. We have already seen many examples of malicious apps sending premium rate text messages and expect there will be a natural progression to higher value areas such as payments and banking." MWR InfoSecurity supplies services which support clients in identifying, managing and mitigating their Information Security risks.
A virtual spokesperson for black technology, BlackEngineer aspires to serve as leading news and information provider on the advancements in black technology with deep insights into black engineering, black entrepreneurs, black education, and historically black colleges and universities (HBCU). In fact, BlackEngineer is one of the very few to promote the achievements of black technology. The Black engineer of the year awards (BEYA) is one of our successful ventures to promote black technology, progress and achievements made in black technology, and the sentiments of the Black community in the US, the UK, Caribbean, and Africa.
Black technology entrepreneurs are increasingly providing the horsepower that drives the global economy. Over the last two decades, black entrepreneurs have created more jobs, and contributed much more to the economic expansion of the Black community as a whole, than any black pastor or politician. Black entrepreneurs are taking risks and building businesses that generate economic growth and increase prosperity in underserved areas, as more minority-owned and minority-focused businesses emerge, willing to serve the financial needs of Black entrepreneurs. US Black Engineer & Information Technology magazine's annual list of Top Black Technology Entrepreneurs reflects the expanding scope of leading Black entrepreneurs in information technology, homeland security, and defense.