Protecting Against the Dangers Often Found in Financial Mobile Applications

According to the latest data breach summary from the Identity Theft Resource Center, there have been 60 data breaches at banking, credit and financial institutions thus far this year. These breaches involved some 5,056,581 records and account for almost 10 percent of all data breaches recorded this year. While this may not seem like a lot in the big picture, financial institution breaches are particularly dangerous given the data that is typically obtained. And, as more and more financial institutions roll out apps that make banking convenient, the risks are growing.

Of the various dangers associated with mobile banking and apps, malware is looking to become one of the most pernicious. Malware is software specifically designed by bad actors to perform malicious acts such as damaging computer operations or gaining access to desired information. Malware continues to be a corporate threat, with companies shelling out millions on malware remediation. Thirty percent of companies surveyed reported security breaches happening at a rate of at least one per month, with malware on end users' systems accounting for half of these.

Malware such as computer viruses has been well known in the desktop environment, but it is increasingly a problem for mobile devices. As financial institutions increasingly make information available to customers via mobile devices, the security threat that mobile malware presents must be addressed. Malware is also a threat behind the firewall as employees increasingly use their personal devices to access corporate information (BYOD). With more and more corporate wealth being associated with intellectual property, this new threat vector cannot be ignored.

If a financial mobile app isn’t properly protected, it is also vulnerable to another pernicious attack: “trojanization”. In a trojanization attack, a cybercriminal takes a legitimate app and modifies it so that, instead of performing the tasks it was originally designed for, the app performs tasks for the cybercriminal, such as stealing information from the mobile device. Trojanization is particularly a threat to Android devices because apps distributed through Google Play undergo a less strenuous vetting process and Android devices can also be set to download apps from sources other than Google Play.

Cryptanium protects financial mobile applications on multiple platforms, using the following security features:

  • Integrity protection
  • Obfuscation
  • Anti-piracy protection
  • Anti-debug protection
  • Binary packing
  • White-box cryptography
  • Diversification
  • Jailbreak/rooting detection

Cryptanium has two main components. The first is Cryptanium Secure Key Box, a white-box cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys. The second is Cryptanium Code Protection, a comprehensive tool for hardening software applications on multiple platforms. These two components work together to increase mobile application security.

It is imperative for financial institutions to take the necessary steps to protect their apps by making them harder to hack.