Sadly, it has always been true that criminals follow the money. Now that money and financial applications are sitting in our mobile devices, they are under attack. And because of the large-scale usage of banking and social media, the attacks are now potentially worthwhile, as are the rewards.
It should therefore come as no surprise that there is a new Android malware Trojan targeting around 94 US and European banking apps, as well as a bunch of social media apps. These include apps from top tier financial services companies, including American Express, Wells Fargo, PayPal, Santander and others. I’m sure that all of these apps include a level of software protection, but the attack appears to bypass this by gaining root access to the handset. Sadly, with software protection, it is always going to be a cat and mouse game, much like the anti-virus updates you used to see every few days on your laptop or computer.
However, there is a solution. Accessible hardware protection is available in over 750 million Android handsets and, because the separation is done at the processor level, it can’t be bypassed by crafty hackers. The usual question is: “What do we do about the handsets that don’t support the hardware?”. Well, Trustonic offers a hybrid solution which automatically delivers security at the hardware level if it is available on the handset, but provides sophisticated software protection if it isn’t. This hybrid solution is far more secure than a pure software-based solution, offering scale across all devices, and, importantly, optimal security protection – hardware TEE where available, software everywhere else.
While there will inevitably be other potential sources of easy illicit money somewhere in the world for those so-inclined, the days of it being worthwhile investing time and effort in trying to prise money from banking apps should really be numbered.
For more information on how Trustonic can help to protect mobile payments, our upcoming webinar on 6thDecember will be invaluable. Further details are available at http://bit.ly/2eW4XVS
