16 posts in this topic

As fast as banks are trying to outwit online hackers, the hackers are revising their strategies to evade the new security measures.

Banks have started to send one-time codes via SMS text messages to customers to use in addition to passwords for logging in to their accounts. So hackers have devised insidious software to steal the texted codes in real time.

Researchers at software security maker McAfee even found a pair of new malware programs that afflict users of Google's (GOOG) Android phones by replacing official bank apps with hacked replacements. Victims think they're logging in to their accounts legitimately, but the apps send all the info -- including the SMS codes -- back to the criminals.

Most of the action is in Asia, where customers are far more likely to use unofficial app stores that cater to their native language.

Overall, the number of malware programs attacking mobile users continues to skyrocket. McAfee researchers collected samples of more than 30,000 malicious mobile apps in the first half of 2013, almost exceeding the 35,000 apps seen in all of 2012.

Virtually all of the software attacks smartphones running Google's Android operating system, mostly through unofficial app sites. Android users can install security software just like PC users to protect their phones, including several apps made by McAfee, a unit of Intel (INTC).

Hackers mainly rely on the unofficial app stores as Google has taken steps to make its Play store more secure. Android phones can easily install apps from beyond the official channel, however. That's common practice in China, India and Japan.

"The drawback of the unofficial stores is they don't have as good oversight or malware checking in most cases," says Adam Wosotowsky, principal messaging operations engineer at McAfee.

Users of Apple's (AAPL) iPhone can't install third-party apps easily. And Apple's iTunes app store is tightly controlled and tough for hackers to penetrate, although it has been done.

Originally, most banks required a customer to log in with just a user name and password. Sometimes, the banks required additional security questions, such as the name of the customer's first pet. But cyber criminals had an easy time placing rogue programs on bank customers' computers to steal all of the required log in information.

So to combat the thieves, banks added so-called two-factor authentication. When a customer logs in with their password, the bank sends a special code in a text message to the customer's smartphone. That was supposed to ensure that criminals with a stolen password couldn't get into the account.

But with the text message-stealing apps, the criminals can get the texted code, as well.


That's why you use a 2-factor app that generates it locally.


I don't know why people use their phones for banking services because I've always thought a phone, due to the fact it can be stolen or lost more easily, is less secure and hence I don't really use it for sensitive stuff. I do use Facebook on my phone, but again, I've been careful what I add on Facebook, at least I've tried to anyway.

2 people like this


I don't know why people use their phones for banking services because I've always thought a phone, due to the fact it can be stolen or lost more easily, is less secure and hence I don't really use it for sensitive stuff. I do use Facebook on my phone, but again, I've been careful what I add on Facebook, at least I've tried to anyway.

 

Bingo. I do the same as well.

I do the banking on my wired laptop or go to the bank for an up-to-date balance.


Most of the action is in Asia, where customers are far more likely to use unofficial app stores that cater to their native language.

 

Don't do this. Stick with the official Play Store and you'll be fine.

1 person likes this


I stick to the official Play store, and even then, I don't do online banking through my phone.  There's no guarantee some toerag won't steal it, after all!  I keep nothing sensitive on my phone at all and IMO, anyone that does is just asking for trouble.

1 person likes this


That's why you use a 2-factor app that generates it locally.

 

That won't help whatsoever. Since your data must be switched on it can still send the "local" code to them anyway.

But I'm also one of the people who don't use online banking with my phone. Hell, I haven't even entered my credit card details to the store through my phone, no thanks.


I stick to the official Play store, and even then, I don't do online banking through my phone.  There's no guarantee some toerag won't steal it, after all!  I keep nothing sensitive on my phone at all and IMO, anyone that does is just asking for trouble.

I remember not too long ago Cnet was recommending using a Linux LiveCD to do your online banking.


^ You may as well just go to the bank, instead.


What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. Not pushing updates to all phones makes it even worse.

 

Apple and Microsoft restrictions do work in making their phones safer.


What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. 

 

How much is a lot? I've never gotten anything and I've used the Store all the time.


What's implicit here is that the problem is Android. Even Play gets a lot of malware published in it. Not pushing updates to all phones makes it even worse.

 

Apple and Microsoft restrictions do work in making their phones safer.

 

You are definitely correct. I mean, to be fair, Android's fragmentation has advantages but this is one of the disadvantages. Maybe developers can put security apps built into their ROMs as an added bonus? For those that don't want any bundled apps, they can be removed but for others, it's there in the background.


Not even the Play Store is safe. That's the problem.


Not even the Play Store is safe. That's the problem.

 

Neither is the Apple Store.


And how are these apps getting onto people's phones in the first place?


For my SMS banking stuff, I use a non-smart phone, and use a strong chain on it to prevent pickpocketing.
