Download - Mobile Banking Security
![Page 1: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/1.jpg)
Mobile Banking Security
Joe LoBianco, CISSP, CISM Moderator: Illena Armstrong, editor-in-chief, SC Magazine
![Page 2: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/2.jpg)
Presentation Agenda
What is the current state of mobile computing?What are consumer attitudes toward mobile banking?Is mobile banking secure?What could the future hold?
![Page 3: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/3.jpg)
Current State of Mobile Computing
Industry is in a state of flux – mobile devices are evolving rapidly
![Page 4: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/4.jpg)
iPhone60%
BlackBerry10%
Other10%
Android20%
Smartphone Usage Trends
May 2010 Mobile Web Usage:
• What will this look like in 2011?– Does Windows Phone 7 change anything?
Source: Quantcast
![Page 5: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/5.jpg)
Mobile Banking Today
10 Million Mobile Banking
Subscribers22 Million Mobile
Banking Subscribers
Source: ABI Research
![Page 6: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/6.jpg)
Consumer Attitudes towards Mobile Banking
Only 19% of Canadian Consumers feel comfortable with mobile banking
Why are the other 81% not comfortable?
Source: KPMG
![Page 7: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/7.jpg)
Is this Consumer Attitude Justified?
Virtually all mobile threats have originated from fake apps, with little consumer impact
VS.
![Page 8: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/8.jpg)
Hacker’s Magic Quadrant
Why spend time on difficult and low return activities when there are easy ones with higher returns?
Ease of Attack/Likelihood
Rew
ard/
Impa
ct
Waste of time
Easy money
Hacker’s Magic Quadrant
![Page 9: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/9.jpg)
Today’s Mobile Banking Threats
Threat Vector Applicability to Mobile
PhishingFake AppsTargeted Malware (Attachments, URLs,etc.)Drive-by Malware
Phishing and fake apps pose a threat to mobile bankingOther types of malware have yet to emerge as an active threat
![Page 10: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/10.jpg)
Drive-by Malware In More Depth
What is it?Malware that installs without user intervention
Why is it such a threat?Users can be infected by visiting legit sites without taking any action
Conditions for success:Browsers or web plug-ins with lots of vulnerabilities, preferably found very oftenCommon OS baseCommon hardware platform
As of today, this remains a significant threat for PCs, but not for mobile devices
![Page 11: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/11.jpg)
Bringing it all together...
Hacker’s Magic Quadrant
Easy money...
Waste of time ...
![Page 12: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/12.jpg)
Advice for Security Professionals
When doing an assessment of mobile banking:
Standard secure development practicesConduct Pen Test & code reviewWatch out for client side caching of data!
Protecting your users:Educate users on fake appsLock down devices, where possible
![Page 13: Mobile Banking Security](https://reader035.vdocuments.us/reader035/viewer/2022062310/56816332550346895dd3b81d/html5/thumbnails/13.jpg)
Future - what does the crystal ball hold?