Jump to content



Photo

Hackers getting better at cracking your phone

usa google mcafee security measures sms codes apple iphone

  • Please log in to reply
15 replies to this topic

#1 Hum

Hum

    totally wAcKed

  • 63,550 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 21 August 2013 - 22:44

As fast as banks are trying to outwit online hackers, the hackers are revising their strategies to evade the new security measures.

Banks have started to send one-time codes via SMS text messages to customers to use in addition to passwords for logging in to their accounts. So hackers have devised insidious software to steal the texted codes in real time.

Researchers at software security maker McAfee even found a pair of new malware programs that afflict users of Google’s (GOOG) Android phones by replacing official bank apps with hacked replacements. Victims think they’re logging in to their accounts legitimately, but the apps send all the info -- including the SMS codes -- back to the criminals.

Most of the action is in Asia, where customers are far more likely to use unofficial app stores that cater to their native language.

Overall, the number of malware programs attacking mobile users continues to skyrocket. McAfee researchers collected samples of more than 30,000 malicious mobile apps in the first half of 2013, almost exceeding the 35,000 apps seen in all of 2012.

Virtually all of the software attacks smartphones running Google’s Android operating system, mostly through unofficial app sites. Android users can install security software just like PC users to protect their phones, including several apps made by McAfee, a unit of Intel (INTC).

Hackers mainly rely on the unofficial app stores as Google has taken steps to make its Play store more secure. Android phones can easily install apps from beyond the official channel, however. That’s common practice in China, India and Japan.

“The drawback of the unofficial stores is they don’t have as good oversight or malware checking in most cases,” says Adam Wosotowsky, principal messaging operations engineer at McAfee.

Users of Apple's (AAPL) iPhone can’t install third-party apps easily. And Apple’s iTunes app store is tightly controlled and tough for hackers to penetrate, although it has been done.

Originally, most banks required a customer to log in with just a user name and password. Sometimes, the banks required additional security questions, such as the name of the customer’s first pet. But cyber criminals had an easy time placing rogue programs on bank customers’ computers to steal all of the required log in information.

So to combat the thieves, banks added so-called two-factor authentication. When a customer logs in with their password, the bank sends a special code in a text message to the customer’s smartphone. That was supposed to ensure that criminals with a stolen password couldn’t get into the account.

But with the text message-stealing apps, the criminals can get the texted code, as well.

more




#2 primexx

primexx

    Neowinian Senior

  • 12,808 posts
  • Joined: 24-April 05

Posted 21 August 2013 - 22:47

that's why you use a 2-factor app that generates it locally.



#3 Zlain

Zlain

    Neowinian

  • 878 posts
  • Joined: 18-August 05

Posted 21 August 2013 - 22:49

I don't know why people use their phones for banking services because I've always thought a phone, due to the fact it can be stolen or lost more easily, is less secure and hence I don't really use it for sensitive stuff. I do use facebook on my phone, but again, I've been careful what I add on facebook, at least I've tried to anyway. 



#4 shozilla

shozilla

    Neowinian Senior

  • 10,287 posts
  • Joined: 11-January 09

Posted 21 August 2013 - 22:51

I don't know why people use their phones for banking services because I've always thought a phone, due to the fact it can be stolen or lost more easily, is less secure and hence I don't really use it for sensitive stuff. I do use facebook on my phone, but again, I've been careful what I add on facebook, at least I've tried to anyway. 

 

Bingo. I do the same as well.

 

I do the banking on my wired laptop or go the bank for up to date balance.



#5 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 22 August 2013 - 02:56


Most of the action is in Asia, where customers are far more likely to use unofficial app stores that cater to their native language.

 

Don't do this. Stick with the official Play Store and you'll be fine.



#6 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 16,101 posts
  • Joined: 23-August 04
  • Location: UK

Posted 22 August 2013 - 07:24

I stick to the official Play store, and even then, I don't do online banking through my phone.  There's no guarantee some toerag won't steal it, after all!  I keep nothing sensitive on my phone at all and IMO, anyone that does is just asking for trouble.



#7 AwayfromHere

AwayfromHere

    Neowinian Senior

  • 3,012 posts
  • Joined: 03-January 12
  • OS: Windows 10 Preview
  • Phone: Sony Xperia Z3

Posted 22 August 2013 - 07:51

that's why you use a 2-factor app that generates it locally.

 

That wont help what so ever. Since your data must be switched on it can still send the "local" code to them anyway.

 

But Im also one of the people who dont use online banking with my phone. Hell, I havent even entered my credit card detail to the store trough my phone, no thanks.



#8 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 22 August 2013 - 18:08

I stick to the official Play store, and even then, I don't do online banking through my phone.  There's no guarantee some toerag won't steal it, after all!  I keep nothing sensitive on my phone at all and IMO, anyone that does is just asking for trouble.

I remember not too long ago Cnet was recommending using a Linux LiveCD to do your online banking.



#9 OP Hum

Hum

    totally wAcKed

  • 63,550 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 22 August 2013 - 23:41

^ You may as well just go to the bank, instead.



#10 Seketh

Seketh

    Neowinian

  • 317 posts
  • Joined: 20-March 10

Posted 22 August 2013 - 23:50

What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. Not pushing updates to all phones makes it even worse.

 

Apple and Microsoft restrictions do work in making their phones safer.



#11 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 23 August 2013 - 02:49

What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. 

 

How much is a lot? I've never gotten anything and I've use the Store all the time.



#12 Zlain

Zlain

    Neowinian

  • 878 posts
  • Joined: 18-August 05

Posted 23 August 2013 - 11:32

What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. Not pushing updates to all phones makes it even worse.

 

Apple and Microsoft restrictions do work in making their phones safer.

 

You are definitely correct. I mean, to be fair, android's fragmentation has advantages but this is one of the disadvantages. Maybe developers can put security apps built into their ROMs as an added bonus? For those that don't want any bundled apps, they can be removed but for others, its there in the background. 



#13 Enron

Enron

    Windows for Workgroups

  • 10,761 posts
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 23 August 2013 - 11:41

Not even the Play Store is safe. That's the problem.



#14 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 16,101 posts
  • Joined: 23-August 04
  • Location: UK

Posted 23 August 2013 - 11:55

Not even the Play Store is safe. That's the problem.

 

Neither is the Apple Store.



#15 +Nik L

Nik L

    Where's my pants?

  • 34,388 posts
  • Joined: 14-January 03

Posted 23 August 2013 - 11:57

And how are these apps getting onto people's phones in the first place?