mobile banking security
Mobile Banking Security
Joe LoBianco, CISSP, CISM Moderator: Illena Armstrong, editor-in-chief, SC Magazine
Presentation Agenda
• What is the current state of mobile computing?
• What are consumer attitudes toward mobile banking?
• Is mobile banking secure?
• What could the future hold?
Current State of Mobile Computing
Industry is in a state of flux – mobile devices are evolving rapidly
iPhone: 60%
BlackBerry: 10%
Other: 10%
Android: 20%
Smartphone Usage Trends
May 2010 Mobile Web Usage:
• What will this look like in 2011?
  – Does Windows Phone 7 change anything?
Source: Quantcast
Mobile Banking Today
10 Million Mobile Banking Subscribers
22 Million Mobile Banking Subscribers
Source: ABI Research
Consumer Attitudes towards Mobile Banking
Only 19% of Canadian Consumers feel comfortable with mobile banking
Why are the other 81% not comfortable?
Source: KPMG
Is this Consumer Attitude Justified?
Virtually all mobile threats have originated from fake apps, with little consumer impact
VS.
Hacker’s Magic Quadrant
Why spend time on difficult and low return activities when there are easy ones with higher returns?
[Figure: Hacker’s Magic Quadrant. Axes: Ease of Attack/Likelihood and Reward/Impact. Quadrant labels: "Waste of time" and "Easy money".]
Today’s Mobile Banking Threats
Threat Vector / Applicability to Mobile
• Phishing
• Fake Apps
• Targeted Malware (Attachments, URLs, etc.)
• Drive-by Malware
Phishing and fake apps pose a threat to mobile banking.
Other types of malware have yet to emerge as an active threat.
Drive-by Malware In More Depth
What is it?
• Malware that installs without user intervention
Why is it such a threat?
• Users can be infected by visiting legit sites without taking any action
Conditions for success:
• Browsers or web plug-ins with lots of vulnerabilities, preferably found very often
• Common OS base
• Common hardware platform
As of today, this remains a significant threat for PCs, but not for mobile devices
Bringing it all together...
Hacker’s Magic Quadrant
Easy money...
Waste of time...
Advice for Security Professionals
When doing an assessment of mobile banking:
• Standard secure development practices
• Conduct Pen Test & code review
• Watch out for client side caching of data!
Protecting your users:
• Educate users on fake apps
• Lock down devices, where possible
Future - what does the crystal ball hold?