Chris Skinner's blog

Shaping the future of finance

Stealing your mobile bank data

Chris Skinner Author Avatar
by
Fraud

We had a meeting of the Financial Services Club last week that looked at fraud and mobile malware with the Serious Organised Crime Agency and the International Systems Security Association (ISSA).

Fraud 

It was an interesting meeting, as I’m particularly intrigued by stories about mobile as this is our hot space right now.

Every bank is getting into mobile payments, mobile billpay, mobile balance checks, mobile banking ... it’s a huge opportunity as I’ve written about so many times.

I’m not writing much about the issues with mobile that banks are experiencing as many are yet to come into the public domain.

One that is in public domain is the coordinated ZeuS attack from Q4 last year:

“According to S21sec, the new variant of the ZeuS trojan first infects the victim’s PC. Then a web application purporting to be from a bank asks the victim to input their mobile phone number and details of their device. Third, the victim is asked via text message to install an application on to the phone. This application can then be used to intercept any text messages the victim sends.” 

But I have a little bit more interest in what’s happening today and Joshua Pennell from ISSA talked through a whole load of new man-in-the-middle and mobile malware attacks that are growing by the day.

I mentioned one of these myself recently about Justin Bieber, but suspicious downloading is one thing.

It’s just another variation of phishing.

What concerned me more is the mobile hi-jacking capability where you think you are on your mobile carrier’s network but you’re not.

The idea is that a cybercriminal places a signal box near to the location of the person they are targeting.

The person then sees their mobile signal disappear and come back stronger.  Something that happens all the time in my part of town.

What the mobile user does not realise is that their mobile service has now been hijacked and all of their texts, apps and downloads are being filtered by the cybercriminals service.

Sounds difficult?

I thought so until someone mentioned to me that this was just an example of using the Sure Signal Service.

Then the penny dropped as I use that service!

Sure Signal is for mobile customers who live in an area that is too weak to get a decent mobile service from their carrier.

This happens to many customers who move home and the result is that they cannot actually use the mobile carrier’s service and want to leave.

So they get sent a Sure Signal box.

The box works off the broadband network of the house and the result is five bars for calls plus 3G.

Oh, and of course, the same is true for anyone else in that vicinity.

Good idea...

... and then there’s the other illustration of mobile that adds a further dimension to this.

The mobile tracker.

We all know that your geolocation is always on when you have a mobile signal, but who has a right to know about this?

In Germany, where spying is rife, apparently it’s a hot issue right now ever since German politician Malte Spitz discovered that his mobile operator was tracking his every move.

And the issue is that they were storing this information for months ... in fact, they had his whole life mapped out over a period of six months.  Every move from every day for 180 days.

Here’s how it looks over just two days...

... hot stuff and a real topical issue therefore is: what is the security of mobile and, if compromised, who is at fault: the carrier, the handset manufacturer, the retailer, the customer, the bank, the regulator...

 

 

 

 

MobileCrimeCategories
Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

Intelligent Money: Our Future Is Where We Do Not Think About Money, As Our Money Thinks For Us

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Order now

Chris Skinner’s ‘Intelligent Money’ Book Launch Event

Top 50 Global Thought Leaders and Influencers on Finance 2024

Global Awards

Lifetime Achievement Award

Global 100 - 2024 Winner

Chris Skinner - Financial Markets Advisor of the Year - The Finanser - UK 2023

Best Financial Markets Advisor of the Year 2023

30 Best Regtech Blogs and Websites 2023

Kids creating the future bank | TEDxAthens

Captain Cake and the Candy Crew

Captain Cake Winner of a Golden Mom’s Choice Award

TWO-TIME WINNER OF A MOM’S CHOICE GOLD AWARD!

Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser