Cybercriminals are already targeting mobile banking apps as a “way in” to customer accounts – as witnessed in ESET’s discovery of a new, advanced Trojan, Hesperbot.
But a new IBM system may help secure smartphones – by using near-field communications chips (NFC) for an additional layer of security.
It’s the first system to allow “two-factor” security for smartphones, according to a CNET report.
“When you use your phone to access the service, the phone is no longer the second factor,” said Diego Ortiz-Yepes, a mobile security scientist at IBM Research. “Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve.”
“One billion mobile phone users will use their devices for banking purposes by 2017 – which makes for an increasingly opportune target for hackers,” IBM said in a statement.
Many new smartphones ship with the chips, but payment systems using NFC – a radio system designed for short-range communication – have failed to catch on, partly due to security concerns. IBM claims its new system – which requires a card (such as a payment card or employee ID card) and an NFC device – is much more secure.
“The user simply holds the contactless smartcard next to the NFC reader of the mobile device and after keying in their personal identification number (PIN), a one-time code would be generated by the card and sent to the server by the mobile device,” the company says.
“The IBM technology is based on end-to-end encryption between the smartcard and the server using AES (Advanced Encryption Standard) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure.”
IBM scientists in Zurich claim that the system has the advantage of familiarity – many users already use two-factor authentication, for instance to log in to a corporate network.
The system is available from today for any NFC-enabled Android 4.0 device. Future updates will add other NFC-equipped devices.
Financial watchdogs have warned this year that the increasing use of banking apps – often on unprotected smartphones – poses an “important risk” to consumers.
The Financial Conduct Authority, a British watchdog, is to investigate the risks posed by banking apps, according to a report by This is Money – particularly malicious apps that pose as genuine banking apps.
An ESET guide to new tricks used by cybercriminals – including fake bank apps – can be found here.
Author Rob Waugh, We Live Security