Criminals never sleep. You can always count on them to find new, more sophisticated ways to deceive mobile network subscribers and technology aficionados. Recent cyber-security reports show that we are seeing an increasing amount of malicious applications running in Android devices. Some could say these apps are just a security concern for smartphone users, similar to viruses or trojans in computers. However, with the increasing evolution of computing power from mobile devices and the state of hyperconnectivity in everyone's lives, CSPs should be paying attention to how these security issues could open avenues for fraud.
Some of these malicious apps can be downloaded directly from the Google Play store and even provide a legitimate purpose for the user, such as a dynamic wallpaper or a video game. What is not clear for users at first is that these seemingly simple apps hide a malicious mechanism underneath. One of the most surprising examples we have seen in recent months was the discovery that some apps in Google Play were "covers" for bitcoin miners stealing CPU cycles from smartphones as part of a large cryptocurrency-mining network. But the most common example of malicious software in mobile devices is SMS-Trojans used as enablers for PRS fraud by sending messages to premium-rate numbers without the user’s permission or awareness.
What all this shows us is that the boost in the user-adoption of smartphones and their app capabilities has created a rich domain for security flaws to be exploited for committing fraud. If you think about it, these are actually very convenient enablers from a fraudster's point of view: easy to spread out across millions of devices, at a distance and with a low risk of being caught by law enforcement. Take the SMS-Trojan example. What previously required a fraudster to travel abroad to pursue activities for compromising mobile terminals, such as theft or social engineering, can now be accomplished with a cleverly coded piece of software that can be spread out to a large group of users quickly through an app store.
With smartphone users accessing their bank accounts through online banking apps, logging in to various email and social network services and storing their personal information, we could see malicious apps becoming the preferential enablers for fraudsters, allowing them to conduct all sorts of fraud. And let's not forget that we are all predicting a future where mobile payments become the norm (through services such as Google Wallet or Apple Pay), which would put smartphone devices at the center of our personal money transactions - yet another desirable target for criminals everywhere.
This domain of fraud enablers is a challenge for CSP's as they become vehicles for spreading such mechanisms, since applications are transferred through their data networks, and they begin to face an increasing number of highly-sophisticated sources of fraud. Leveraging Big Data and Deep Packet Inspection (DPI) within a Fraud Management system could become key in dealing with these new and complex threats. By allowing a greater monitoring and understanding of fine-grain behaviors of massive numbers of devices, these technologies may prove to be valuable next-generation weapons to deal with next-generation threats.
Let Us Know What You Thought about this Post.
Put your Comment Below.