The Inquirer-Home

Two-step security on mobile will be rendered useless in 2014, says Trend Micro

Due to 'man in the middle' attacks
Tue Dec 10 2013, 09:39

TWO-STEP SECURITY AUTHENTICATION, as recently adopted by Facebook and Twitter, will be rendered useless against cyber attacks on mobile devices in 2014, security firm Trend Micro has claimed.

The security company predicted in its recent security intelligence report that mobile banking will suffer more "man in the middle" (MitM) attacks, such that basic two-step authentication "will no longer be sufficient". A sign this is coming, Trend Micro said, is the popularity of malware such as PERKEL, a crimeware kit designed to create malware for Android phones that can intercept authentication messages sent to mobile devices.

"Going mobile [has] unintentionally rendered two-step verification insufficient. As more people used mobile devices for both banking and authentication, cybercriminals started intercepting authentication numbers with the aid of mobile malware like PERKEL and ZITMO," Trend Micro's report warned.

"Nearly one in five US smartphone users banked via mobile devices in 2013, a number that is expected to rise more in the coming years. 2014 will be about mobile banking. Unfortunately, we can also expect mobile threats like man-in-the-middle (MitM) attacks to increase in 2014."

A Man in the Middle (MitM) attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

"The past year saw a notable surge in online banking threats. The third quarter saw the infection count pass the 200,000 mark, the highest it has ever been," Trend Micro added. "But banking threats were not limited to computers; we also saw them go mobile. Fake banking apps became a common problem. Banking-related apps also became a favoured cybercriminal target, led by malicious apps posing as token generators."

The security firm said that Android will remain the dominant mobile operating system (OS) in the market and that this dominance will continue to be exploited, with the number of victims reaching three million by the end of 2014.

"Though Google did exert effort to address this, most recently with the release of Android KitKat, not all users can take advantage of new security features due to the OS's heavily fragmented update process," Trend added.

The firm also predicted that upcoming mobile operating systems such as Tizen, Sailfish, and Firefox, which boast Android compatibility layers, will run Android apps, but that this might also make it easier for cybercriminals to create multi-platform threats as these systems enter the mobile market in the coming year. µ

