Caretower provides the latest products of Kaspersky
Who needs a brick-and-mortar bank, a credit card or even a PC
when you can take care of all of your financial transactions with
an app on your smartphone or tablet?
The TurboTax app allows you to take a snapshot of
your W-2 tax form to prepare your income taxes. You can trade
stocks using the E-Trade app.
Google Play, the official store for Android apps (until recently
known as the Android Market), has
more than 5,000 banking apps. Chances are good that you’ll be
able to handle all of your banking needs without moving anything
but your forefinger.
It’s convenient, yes. But are these apps safe to use? That answer
is more complex.
Second-string security
“We’ve seen a few examples where it became clear the mobile
finance apps didn’t quite receive the same level of security
scrutiny as their traditional counterparts,” said Roel
Schouwenberg, Boston-based senior researcher at Kaspersky Lab,
adding that this is
a problem for mobile apps in general.
[ What
to Do If Your Online Account's Been Hacked ]
Compounding the problem are two more factors, Schouwenberg said —
the overall lack of security software for mobile devices, and
device owners who use the financial apps while on an untrusted or
public
Wi-Fi network.
“Somebody might be able to intercept [Wi-Fi] communications and
obtain access to your online session and/or login credentials,”
Schouwenberg said.
Another concern is the amount of personal information that ends
up getting stored on the phone via financial apps.
“The security of the personal information in motion is not really
in question; it’s the personal data remaining on the device that
is,” said Matt McKinley, U.S. director of product development for
Finnish network-security firm Stonesoft. “If devices can be
accessed remotely and personally identifiable information exists
on the device, then it can be stolen.”
McKinley added that the real risk is placing personal information
in clear-text — i.e., unencrypted — notes and memos.
“That is low-hanging fruit for hackers,” McKinley said. “Another
risk is what happens when someone has physical access to the
device itself.
“Of course, the same could be said of any computing device, but
the portability and the fact that smartphones are with us
everywhere makes them easier to lose.”
The cybercriminal threat
Malware is another concern with financial apps. The most
common method of smartphone or tablet malware infection right now
is via the installation of
rogue apps or Trojan horses, seemingly benign software that’s
actually malicious.
With the gradual adoption of the HTML5 next-generation Web
standard and the vast expansion of browser capabilities it
entails, the attack surface — the possible ways unauthorized
users can get into a system — may be reaching an event horizon,
according to Troy Gill, security analyst with AppRiver Security
in Gulf Breeze, Fla.
“Cybercrooks are infecting popular mobile platforms through
malicious applications and, unfortunately, no mobile platform is
immune from the destruction it can cause,” Gill said.
“The Android platform has been the most popular target for
malware infection as of late, and this has come mainly through
the installation of malicious apps,” Gill added.
“There have been various apps created to imitate legitimate bank
or credit-union apps, but actually are aimed at stealing your
personal and login information,” he said. “These malicious apps
are most often found on third-party sites and not in the official
Android Market, although there have been quite a few found there
too.
“Attempting to log into your bank account using these apps would
result in your login credentials being stolen and possibly theft
occurring on your account.”
Don’t become a victim
There are risks to using financial apps on a mobile device, but
if you take a few precautions, app-based banking and other
monetary activities can be done as safely on your phone as on
your desktop.
These security precautions include:
— Don’t use financial apps on
a jailbroken or rooted smartphone or tablet.
Article source: http://www.msnbc.msn.com/id/47253510