(How can a flashlight app be allowed to monitor your network connections or modify the contents of your USB storage?)

Insecure banking apps

Banking apps ought to be more secure than browsers, but it ain’t necessarily so. Sometimes, devices are compromised by apparently simple apps that demand loads of “permissions” to run. Smartphones and tablets are more likely to be compromised by fake or lookalike apps that have evaded the vetting process. Some are distributed as “drive by” installations from websites that host exploit kits. Variants such as Gozi can even imitate your typing style and mouse movements, to defeat banks that use this kind of information to identify real users. Banking trojans can also be hidden in Microsoft Word documents, PDFs or fake invoices. The malware captures your keystrokes as you try to log into your bank. Zeus collects your logon details, or puts up a fake screen that mimics a legitimate website, or redirects you to a fake website. It may say your bank or email account has been hacked and that you need to log on to confirm or change your password, etc. Zeus is usually delivered as an email attachment with a text that persuades some users to click on it. On Windows, the main banking malware comprises trojans such as “Zeus and its variants Neverquest and Gozi”. The biggest threat to banking security comes from using a compromised device: one with malware that captures logons etc and sends them to someone else without your knowledge. The browsers on smartphones and tablets are also sandboxed, but like their desktop counterparts, they may be at risk from phishing and “man-in-the-middle” attacks. Some security companies also provide add-ons, such as Kaspersky Safe Money and Bitdefender Safepay. Otherwise, Chrome is the most secure alternative, because it runs in Google’s own strong sandbox. The Edge browser in Windows 10 is a new sandboxed app, so it’s much better for banking than Internet Explorer.
Today there are quite a few Windows banking apps – Alliance, Citibank, FNB, RMB, HDFC, BNP Paribas, UBI, Westpac etc – but none that I can see from UK banks. These apps are much safer than the old programs, because there are limits to what they are allowed to do. This enabled Windows to run sandboxed apps installed by the Windows Store. When Microsoft redesigned Windows 8 to run on tablets and smartphones, it introduced a similar subsystem for apps. PCs, by contrast, can run unvetted software from any source, including malware-infected websites, unless your anti-virus software blocks them. Further, these apps run in sandboxes to prevent them from doing bad things. These apps are different from traditional PC programs in that they are vetted by and downloaded from secure online stores. However, the past decade has seen a huge growth in app stores for smartphones and tablets. When personal computers first went on general sale in the 1970s, the VisiCalc spreadsheet was hailed as a “killer app”, which was short for “application program”. Systems that use two-factor authentication, preferably with a separate device that generates new passwords on demand, are really the way to go. However, if you want to perform banking transactions from wherever you happen to be, without taking too many precautions, then it should be safest to use an app over 3G/LTE (turn off wifi and Bluetooth). If you are a careful user with a secure PC, and if you only use it on your secure home network, you should not have any problems. Apps are risky because most banking apps probably have security flaws, and because fake/malware apps sometimes appear in app stores. Browsers are risky because there are trojans designed to collect banking information.