People who use their phones for financial transactions are in the minority for the moment, but that’s not stopping cyber criminals from targeting mobile banking apps.
Trusteer CEO Mickey Boodaei believes these criminals have the tools to turn mobile finance apps into what he thinks could be the biggest customer security problem yet. In his blog, Boodaei wrote:
“In a year from now this is all going to look completely different as more users start banking from their mobile phone and fraudsters release their heavy guns. Trusteer has just released figures predicting that within 12 to 24 months over 1 in 20 (5.6%) of all Android phones and iPads/iPhones could become infected by mobile malware if fraudsters start integrating zero-day mobile vulnerabilities into leading exploit kits.”
Boodaei sees two major issues at work. First, Android security architecture is too weak. Second, the ability to jailbreak iOS makes Apple’s security less than ideal.
We’ve seen plenty of examples of the security problems of the two most popular mobile platforms. Android has already been the victim of malicious apps, and Boodaei wrote:
“Dozens of malicious applications have already been identified on the Android Market. Google has removed most of them but more keep coming. Trusteer has identified malicious applications on the Android Market which have stayed there for weeks before being taken off by Google.”
As for Apple, eWeek Europe pointed out that we recently saw what can happen when someone jailbreaks a phone. The article stated:
“Last week, a team of hackers working on software to jailbreak the iPhone uncovered zero-day vulnerabilities in several versions of Apple’s iOS that allowed malware to be transferred from infected PDFs onto devices, allowing criminals to access confidential data.”
Boodaei doesn’t believe that anti-malware products on mobile devices are the answer to impending financial-related attacks. Instead, he said, part of the solution is to change the way we think about mobile security in general, particularly in the way we download apps.
Of course, I’d say another option for avoiding risks with financial transactions is to not conduct them on a mobile device, but I’m already seeing more business and personal financial transactions moving to smartphones and tablets. So this is an instance where I hope the security folks are ahead of the bad guys in providing good protection.