Mobile Banking Security: Beware These Android Vulnerabilities

Smartphones are not immune to hackers. A friend took her phone to her carrier’s retail location because it kept getting hot without her even using it, and she noticed the battery was draining faster than ever. The store rep told her they needed to immediately wipe her phone clean because it had been hacked. Yikes! Hackers can gain complete control of a device, from calls to texts to applications like Facebook and mobile banking, without you even knowing it.

In his piece in Credit Union Times, Roy Urrico warns about vulnerabilities on some Android phones that could allow hackers to do just this. Some highlights from the article are below. We understand cyber security and the security concerns mobile bankers have, and have designed a mobile banking solution that is focused on true integration, eliminating some of the risks with data security.

The San Francisco-based Zimperium Mobile Security warned that a flaw in the Android media library Stagefright has left 95% of an estimated 950 million Android-based mobile devices susceptible to remote code execution.

“Built on tens of gigabytes of source code from the Android Open Source Project, the leading smartphone operating system carries a scary code in its heart,” Zimperium stated on its blog. “Named Stagefright, it is a media library that processes several popular media formats. Because media processing is often time-sensitive, the library utilizes native code (C++), which is more prone to memory corruption than memory-safe languages like Java.”

Zimperium added, “Attackers only need your mobile number to remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification.”

These vulnerabilities are extremely dangerous because they do not require any action from the victim, the security firm noted. Unlike with spear-phishing, attackers do not require victims to open a bogus PDF file or link – the fraudster can trigger the vulnerability and remove any trace of compromise without the victim’s knowledge.

Sjouwerman said he strongly recommends using two-factor authentication for any financial transaction over the Internet, especially over any kind of wireless device.

Malware increasingly threatens mobile phone users. A May Symantec security report revealed that 17% of Android apps (nearly one million total) are actually malware in disguise. Most identified mobile malware tries to steal users’ personal data, the security firm said. One-third, or 2.3 million of 6.3 million Android apps, are grayware or malware apps. While these applications do not harm a smartphone, they are mainly intrusive because they track user behavior for the primary purpose of placing advertisements, Internet security expert Ali Raza said in a LIFARS newsletter.

So if you are implementing new mobile banking technology for members, ensure that it is not hastily released without adhering to your mobile banking security measures. 


