Black Hat: Android, iPhone App Data Risks Overlooked
"At the Black Hat USA 2010 conference in Las Vegas on Wednesday, mobile security company Lookout revealed that smartphones present more of a risk of data leakage than most users realize.
CEO John Hering and CTO Kevin Mahaffey presented the "App Genome Project," a survey of how Android and iPhone apps handle security and sensitive data.
The issue for Lookout isn't so much that Android devices or the iPhone may have vulnerabilities. It's that developers fail to appreciate the risks presented by third-party code and device users fail to consider the implications of granting permission to an app to access their data.
In one particular case, a wallpaper app for Android devices that had been downloaded several million times was found to be sending user data -- phone number, subscriber identifier, and currently programmed voicemail phone number -- to a server in China."
How will the iPad impact mobile banking?
"Recently for Juniper’s Mobile Banking report, I conducted a global survey of banks looking at their mobile banking strategies. The aim was simple: to identify first how many banks offer any form of mobile channel access and then to discover the relative popularity of SMS, mobile web and apps as means of providing services. The result was very conclusive. Over 80% of banks currently offer some form of mobile banking.
The survey was conducted from the viewpoint of a prospective customer, simply by approaching the bank website and determining if said bank offered mobile, bearing in mind that this could be anything from a simple SMS balance alert right up to a fully fledged web based or smartphone app based transactional service with super features and usability."
Does Citi's iPhone Glitch Mean All Banks Should Review Their Mobile Banking Code?
"Citi's confession this week that a glitch in its iPhone application was saving customers' personal information on their phones was a wake-up call for other banks who customize or develop their own mobile banking code, according to Alex Kwiatkowski, principal analyst - financial services technology at Ovum, who spoke to us this morning.
The Citi event was not the crisis the media made it out to be, we agreed. The bank immediately created an upgrade to the software that fixed the problem and sent out letters advising customers to download the new version, with an explanation of why. 'In the grand scheme of things, Citi's reaction was exemplary,' Kwiatkowski says. 'It's a good example of what to do when something goes wrong. Their actions leading up to that, not so much,' he says, referring to the fact that, naturally, it would have been better if the bank had tested the application enough to see the problem before releasing it."
Scotiabank launches Mobile Banking in the British Virgin Islands
"Scotiabank launched today their Mobile Banking service in the British Virgin Islands. Customers can now easily check their balance, transfer funds and pay bills from the convenience of their mobile phone.
'We are thrilled to offer this innovative service. It allows our customers to manage one part of their busy lives with the touch of a button, from wherever they are,' said Joycelyn Murraine, Managing Director Scotiabank (British Virgin Islands) Limited. 'With Scotia Mobile Banking, our customers will be able to do their day-to-day banking quickly, efficiently and securely from their phones.'"
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment