Win the Cyberwar on Mobile Banking and Payments

Presentation transcript:

Win the Cyberwar on Mobile Banking and Payments
Jeff Fu, Bangcle Security – SecNeo Ltd.

You Probably Already Know About Mobile Banking Threats
But you might not know there's an entire illegal industry dedicated to mobile banking.
- Do you know what keys cybercriminals have?
- How do they steal money from Android apps?

2013 Malware Threats on Mobile
2013:
- 143,211 new pieces of malware
- 3,905,502 malicious installation packages
- For the 259 new malware families in Q3 2013
2011-2013, in total:
- Approximately 10,000,000 unique malicious installation packages

Malware Threats on Android 2013
Android remains a prime target for malicious attacks. 98.05% of all malware detected in 2013 targeted this platform, confirming both the popularity of this mobile OS and the vulnerability of its architecture.

Malware Target Mobile Banking 2013
[Chart: the number of mobile banking malware, 2013]
The cyber industry of mobile malware is becoming more focused on making profits more effectively, that is, through mobile phishing, theft of credit card information, and money transfers from bank cards to mobile phones and from phones to the criminals' e-wallets. 2013 was marked by a rapid rise in the number of Android banking Trojans.

The Geography of Mobile Threats 2013
Countries where users face the greatest risk of mobile malware infection (the percentage of all attacked unique users):
1. Russia: 40.34%
2. India: 7.90%
3. Vietnam: 3.96%
4. Ukraine: 3.84%
5. United Kingdom: 3.42%
6. Germany: 3.20%
7. Kazakhstan: 2.88%
8. USA: 2.13%
9. Malaysia: 2.12%
10. Iran: 2.01%

Mobile Banking Virus: Svpeng
Svpeng is detected by Kaspersky as Trojan-SMS.AndroidOS.Svpeng.A
- Collects phone information
- Steals voice call SMS messages
- Steals money from the victim's bank account
- Steals logins and passwords to online banking accounts
- Steals bank card information (the number, the expiry date, CVC2/CVV2)

My App Is Already Safe Enough
- My app is well designed; I considered all the potential risks.
- My app is well programmed by senior engineers.
- My app is completely tested; all the bugs are fixed.
- My app is published to the Google Market.
- My customers installed the officially released apps.
Yes, I believe you have done all that you can do. But your app is still in danger.

Tampering and Reverse-engineering Attacks
Attack method, with the solution given on the slide:
- Bypass integrity protection and verification. Solution: No
- Steal source code and security logic
- Repacking the app and conducting fraud
- Repacking the app and inserting malware code
- Bypass the local security control. Solution: Move security control to server side
- Get the symmetric encryption password and decrypt local data. Solution: Use asymmetric encryption

Dynamic Injection and Hijack Attack
Attack method, with the solution given on the slide:
- Dynamic memory injection attack to modify transaction information. Solution: No
- Dynamic components hook attack to get account ID, password
- UI hijack attack to get user input
- Keyboard hijack attack to get user input
- Man-in-the-mobile attack
- Man-in-the-middle attack

Dynamic Injection Demo
1. Hacker injected the payment components
2. Hacker intercepted the transaction data before it was encrypted
3. Hacker modified the account ID and user name
4. The money is transferred to the hacker's account
5. Hacker tampered with the invoice message or SMS and changed them back to the original transaction account and user name

Root Cause for All These Attacks
Integrity protection failure of the mobile banking app is the root cause of most attacks:
- Static integrity protection failure
- Dynamic integrity protection failure
We need to make sure that:
- The app used by the customers is not tampered with and repacked
- The app always runs as designed
- The information in the app cannot be accessed and modified
- None of the security logic can be bypassed
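
A static integrity check of the kind this slide calls for, as an added example that is not from the presentation or from Bangcle: a script run outside the device that compares every entry of a candidate APK against digests recorded from the official build. The package name, entry contents and helper names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def entry_digests(apk_bytes):
    """Return {entry name: SHA-256 of its uncompressed content} for an APK (a ZIP)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        names = [i.filename for i in infos]
        if len(names) != len(set(names)):
            # Duplicate entry names make "which file is verified" ambiguous.
            raise ValueError("duplicate entry names in archive")
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest() for i in infos}


def compare_to_release(baseline, candidate_bytes):
    """Diff a candidate APK against digests recorded from the official release."""
    cand = entry_digests(candidate_bytes)
    return {
        "modified": sorted(n for n in baseline if n in cand and cand[n] != baseline[n]),
        "added": sorted(n for n in cand if n not in baseline),
        "removed": sorted(n for n in baseline if n not in cand),
    }


def is_repacked(report):
    """True when any entry differs from the recorded release."""
    return any(report.values())


def build_sample(entries):
    """Build an in-memory archive standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: an "official" build and a repacked copy of it.
OFFICIAL = {
    "AndroidManifest.xml": b"<manifest package='com.example.bank'/>",
    "classes.dex": b"original payment logic",
    "META-INF/CERT.RSA": b"release signing certificate",
}
RELEASE = build_sample(OFFICIAL)
REPACKED = build_sample({**OFFICIAL, "classes.dex": b"patched payment logic",
                         "META-INF/CERT.RSA": b"different signing certificate",
                         "assets/added.bin": b"inserted code"})

if __name__ == "__main__":
    print(compare_to_release(entry_digests(RELEASE), REPACKED))
```

A repacked build has to be re-signed, so in a JAR-signed (v1) APK the signature entry under META-INF changes together with the patched code, and both show up as modified.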

Financial App Protection
The leading App Security Provider in the world 2013
In the past 3 years, Bangcle has provided services to:
- 100+ financial and e-payment apps
- 500+ business app developers
Our security products cover more than 300,000,000 smart devices.
- Financial App Integrity Protection
- Financial App Runtime Protection
- Financial App Data Protection

Join our Workshop
Enable Enterprise-grade Security into your Mobile Apps
Schedule: March 19, 4:00 PM ~ 4:45 PM
Join us to get more detailed information about the Bangcle Mobile Banking Security Solution.

Visit our Booth Number - F01

Thanks