In his piece in Credit Union Times, Roy Urrico warns about vulnerabilities on some Android phones that could allow hackers to do just this. Some highlights from the article are below. We understand cybersecurity and the security concerns mobile bankers have, and we designed a core credit union solution that is focused on true integration, eliminating some of the risks associated with data security.
San Francisco-based Zimperium Mobile Security warned that a flaw in the Android media library Stagefright has left 95% of an estimated 950 million Android-based mobile devices susceptible to remote code execution.
“Built on tens of gigabytes of source code from the Android Open Source Project, the leading smartphone operating system carries a scary code in its heart,” Zimperium stated in its blog. “Named Stagefright, it is a media library that processes several popular media formats. Because media processing is often time-sensitive, the library utilizes native code (C++), which is more prone to memory corruption than memory-safe languages like Java.”
Zimperium added, “Attackers only need your mobile number to remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification.”
These vulnerabilities are extremely dangerous because they do not require any action from the victim, the security firm noted. Unlike with spear-phishing, attackers do not require victims to open a bogus PDF file or link – the fraudster can trigger the vulnerability and remove any trace of compromise without the victim’s knowledge.
Sjouwerman said he strongly recommends using two-factor authentication for any financial transaction over the Internet, especially over any kind of wireless device.
Malware increasingly threatens mobile phone users. A May Symantec security report revealed that 17% of Android apps (nearly one million total) are actually malware in disguise. Most identified mobile malware tries to steal users’ personal data, the security firm said. One third, or 2.3 million of 6.3 million Android apps, are grayware or malware apps. While these applications do not harm a smartphone, they are mainly intrusive because they track user behavior for the primary purpose of placing advertisements, Internet security expert Ali Raza said in a LIFARS newsletter.
So if you are implementing new technology for members, ensure that it is not hastily released without adhering to your mobile banking security measures. Learn how FLEX Mobile Apps are secure to protect both your credit union and your members.