Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security Figure 1.2: Fake Angry Birds game showing Android Permissions list and link to premium rate SMS messages. In a separate incident, PhonepayPlus fined a company called Connect Limited a total of £50,000.00 for publishing an Android app that caused the user to click on a weblink that resulted in a £10.00 premium rate text message. An estimated £250,000.00 was lost by UK consumers as a result of this fraud. Connect Limited was ordered to recompense all of the consumers that had lost money as a result of this fraud. Paul Whiteing, chief executive of PhonepayPlus, said in a statement: "PhonepayPlus has a strong track record of protecting consumers from misleading apps that charge using premium rate services. We will continue to work with the telecoms and security industries to understand threats to consumers and to take robust regulatory action where appropriate. We want to make sure phone users can use apps with confidence." 19 There is a continuing threat against Smartphone users who are accessing PRS services on their devices. Thankfully, PhonepayPlus and industry representatives including MNOs and security vendors are constantly monitoring the situation. By taking quick and direct action against companies involved in this fraud, a clear message is being sent out to other companies and individuals who may be contemplating initiating a fraud campaign. 19 Watchdog orders compensation over premium rate texts. The Telegraph, 3 rd September 2012. http://www.telegraph.co.uk/finance/personalfinance/consumertips/household-bills/9518130/Watchdogorders-compensation-over-premium-rate-texts.html Goode Intelligence © 2013 P a g e | 33 www.goodeintelligence.com
Study into the implications of Smartphone operating system security Financial Services fraud Banks are targeting Smartphone owners because they represent good business, being generally younger or more affluent. As financial services move increasingly to the mobile channel then Smartphones will be targeted. This is an emerging threat area and there have been a small number of examples where Smartphones have been targeted. One of the most high-profile attacks to date has been the adaptation of the Zeus financial Trojan to target Smartphones. Throughout its five year history, Zeus has successfully defrauded bank users of hundreds of millions of Pounds. In 2010 the FBI announced that it had discovered a major international cybercrime network that had used Zeus to steal around US$70 million. In this case the FBI successfully arrested this cybercrime network with the help of law enforcement partners in the UK, the Ukraine and the Netherlands. 20 Zeus has been upgraded to support Smartphones with the Zeus in the Mobile (ZitMo) variant. ZitMo targets the SMS-delivered two-factor-authentication (2FA) one-timepasswords (OTP), or Transaction Authentication Number (TAN), that banks use to enhance the security of their online banking services. ZitMo is designed to infect a bank customer’s device and then harvest these OTPs to then access the defrauded customer’s bank account. ZitMo has been seen on Android, BlackBerry and Symbian devices. According to a report published by security vendors Check Point Technologies and Versafe ZitMo has been very successful and was involved in fraud to the value of £31 million (see the Eurograbber case study below). Eurograbber case study: The case of Eurograbber grabbed the headlines in 2012 mainly because of the ‘reported’ high value of the financial fraud. A white paper published jointly by the security vendors Versafe and Check Point Software Technologies 21 reported that Eurograbber, a variant of Zeus, managed to steal “an estimated 36+ million Euros from more than 30,000 bank customers from multiple banks across Europe”. That equates to just over £31 million. The report details that there is a mobile component to Eurograbber that is designed to steal mobile-based TANs sent to bank customers’ phones via SMS. The report does not detail the extent of the mobile-based attack and whether all of the £31 million fraud was a direct result of the TAN-stealing mobile Trojan. What it does tell us is that Smartphones can be vulnerable to targeted attacks that successfully use mobile malware. 20 FBI: http://www.fbi.gov/news/stories/2010/october/cyber-banking-fraud 21 A Case Study of Eurograbber: How 36 Million Euros was Stolen via Malware, December 2012, Versafe and Check Point Software Technologies Ltd: http://www.checkpoint.com/products/downloads/whitepapers/Eurograbber_White_Paper.pdf Goode Intelligence © 2013 P a g e | 34 www.goodeintelligence.com
Page 1 and 2: www.goodeintelligence.com £ Study
Page 3 and 4: Study into the implications of Smar
Page 33: Study into the implications of Smar
Page 85 and 86:
Study into the implications of Smar
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?