Mobile banking really came into its own in 2011, when most financial institutions stepped up the competition with newer interactive features, better interfaces, and support for more platforms.
According to comScore’s most recent report, native mobile banking apps experienced a 45 percent increase from December 2010 to June 2011, and McAfee thinks the avenue is now primed for a massive wave of attacks.
In a report released last week entitled 2012 Threats Predictions, McAfee delineated the myriad software and hardware problems that we should expect for the coming year, such as attacks on traditionally underprotected utility companies like water and oil, legitimate companies harvesting emails and then sending out spam, and increased “hacktivism,” to name just a few. However, probably the scariest and most prevalent threat is the one posed to your shiny, new smartphone.
I have to emphasize those adjectives because with the new wave of mobile banking apps, certain platforms have become, shall we say, less desirable. Many banks have not even created apps for Blackberry or Windows phones, and the ones that do exist are choppy and make you feel like your personal information is as insecure as possible.
Therefore, the platforms that do have hundreds of thousands of sleek apps, namely Android and iPhone, are the ones that will suffer most under the newest wave of attacks. Because they control over 70 percent of the smartphone market, it is clear that any targeted attacks will focus on these operating systems.
The Root of the Issue
The problem then, according to McAfee, is two-fold.
Before addressing the mobile issue directly, McAfee discusses an underlying looming threat to all hardware with embedded systems like GPS devices, routers and network bridges, which are susceptible to outside attacks. Now that embedded systems are making their way into the business and consumer worlds, malware writers will soon have access to all types of operating systems.
When the operating system is running your mobile banking transaction, the threat increases because attackers “will gain greater control and can maintain long-term access to the system and its data.” Successful attacks on hardware will complement those on mobile banking because the mobile threats are not wholly reliant on embedded systems.
Mobile Banking Threats
McAfee warns mobile users that mobile banking is already susceptible to techniques previously utilized exclusively for attacking online banking. The login not only keeps other people from accessing your account without your password; it also allows transactions to go through only while you are actually logged in. This way, hackers can only perform transactions from within the logged-in account.
However, hackers caught up and now steal from victims while they are still logged in by making it appear that the transaction came from the user. McAfee predicts that mobile banking is now susceptible to these kinds of attacks.
As more people manage their finances over their phones, hackers may lay off heavy computer hacks and shift their attention to mobile platforms.
The entire study can be accessed here (PDF).
How to Protect Yourself
So what do you do now that you know your phone is potentially under attack?
Lianne Caetano, Director of Mobility Product Marketing at McAfee, emphasized during a phone interview that aside from password-protecting your phone and never texting any personal or sensitive information, you must treat your phone like a computer.
Now that mobile banking is hugely popular, install protection like McAfee Mobile Security, launched last June for Android, Blackberry and Symbian. It provides a suite of protection including anti-theft, anti-virus, and anti-phishing. Also, though it might seem tempting, resist the urge to hack or jailbreak your phone since that leaves it extremely vulnerable to viruses or Trojans.
Be aware that anything you download onto your phone is subject to outside manipulation, especially when dealing with the Android market, which removes most oversight from the apps it features. Android was forced to pull a slew of mobile banking apps last January when it discovered that a developer named ‘09Droid’ created them.
Fraudulent applications exist (yes, even in the holy App Store), so do not download anything onto your phone (especially games!) without verifying its legitimacy first. Ideally, you should go through your bank’s website directly to download its application; this is the best way to verify that it is truly the one selling the app.
As always, review your financial records regularly, and if you find suspicious activity contact your bank immediately.