Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

Webinar: Securing Mobile Banking Apps

25 mai 2020
1 j’aime 95 vues
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Prochain SlideShare
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
Chargement dans…3
×

Consultez-les par la suite

Rpt paradigm shifts
malvvv
2022 Cybersecurity Predictions
Matthew Rosenquist
Strategies to combat new, innovative cyber threats in 2019
SrikanthRaju7
Emerging application and data protection for cloud
Ulf Mattsson
Symantec Security Refresh Webinar
Arrow ECS UK
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
Data Protection & Privacy During the Coronavirus Pandemic
Ulf Mattsson
How to protect privacy sensitive data that is collected to control the corona...
Ulf Mattsson
1 sur 45 Publicité

Webinar: Securing Mobile Banking Apps

25 mai 2020
1 j’aime 95 vues

Télécharger pour lire hors ligne

Technologie

Digital banking security, mobile threat landscape, mobile malware, and related PSD2 regulation.

Digital banking security, mobile threat landscape, mobile malware, and related PSD2 regulation.

Technologie
Publicité

Suggestions

Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
852 vues
38 diapositives
RSA大会2009-2010分析
Jordan Pan
559 vues
21 diapositives
100+ Cyber Security Interview Questions and Answers in 2022
StuartGreen60
124 vues
45 diapositives
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
83 vues
29 diapositives
Latin america cyber security market,symantec market share internet security,m...
Ashish Chauhan
146 vues
11 diapositives
Cybersecurity 2020 the biggest threats to watch out for
Cigniti Technologies Ltd
73 vues
5 diapositives
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
722 vues
48 diapositives
Rpt paradigm shifts
malvvv
283 vues
18 diapositives
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Rpt paradigm shifts
malvvv
103 vues
2022 Cybersecurity Predictions
Matthew Rosenquist
1k vues
Strategies to combat new, innovative cyber threats in 2019
SrikanthRaju7
314 vues
Emerging application and data protection for cloud
Ulf Mattsson
281 vues
Symantec Security Refresh Webinar
Arrow ECS UK
1.3k vues
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
751 vues
Data Protection & Privacy During the Coronavirus Pandemic
Ulf Mattsson
429 vues
How to protect privacy sensitive data that is collected to control the corona...
Ulf Mattsson
399 vues
IE_ERS_CyberAnalysisReport
Camilo do Carmo Pinto
283 vues
As telcos go digital, cybersecurity risks intensify by pwc
Mert Akın
551 vues
Global Cyber Security Industry
ReportLinker.com
295 vues
Security weekly september 28 october 4, 2021
Roen Branham
81 vues
2015 Global Threat Intelligence Report Executive Summary | NTT i3
NTT Innovation Institute Inc.
1.2k vues
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
Carlos Valderrama
364 vues
Top 5 Cybersecurity Trends in 2021 and Beyond
Nandita Nityanandam
122 vues
Global Cyber Security Overview | TechSci Research
TechSci Research
163 vues
Data protection on premises, and in public and private clouds
Ulf Mattsson
204 vues
ISTR Internet Security Threat Report 2019
- Mark - Fullbright
357 vues
Etude sur le marché de la cyber sécurité (2011)
PwC France
2.4k vues
idg_secops-solutions
Jonny Nässlander
122 vues
Rpt paradigm shifts
malvvv
103 vues
18 diapositives
2022 Cybersecurity Predictions
Matthew Rosenquist
1k vues
15 diapositives
Strategies to combat new, innovative cyber threats in 2019
SrikanthRaju7
314 vues
16 diapositives
Emerging application and data protection for cloud
Ulf Mattsson
281 vues
63 diapositives
Symantec Security Refresh Webinar
Arrow ECS UK
1.3k vues
18 diapositives
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
751 vues
16 diapositives

Similaire à Webinar: Securing Mobile Banking Apps (20)

Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Denis Gorchakov
761 vues
Wultra: Mobile Application Security
Wultra
119 vues
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
1.1k vues
Why Organisations Need_Barac
Barac
18 vues
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
RapidSSLOnline.com
247 vues
The malware monetization machine
Priyanka Aash
170 vues
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
viaForensics
548 vues
Security Opportunities A Silicon Valley VC Perspective
Positive Hack Days
612 vues
Security in the Hybrid Cloud Now and in 2016
IDG Connect
628 vues
How to Gather Global Mobile Threat Intelligence
Zimperium
238 vues
Digital tech trends
Federico Zuffranieri
42 vues
E security and payment 2013-1
Abdelfatah hegazy
689 vues
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
viaForensics
440 vues
07 2020 網絡安全趨勢和安全小貼士
HomeContentRSSLog ineLearning Consortium 電子學習聯盟
401 vues
What I Learned at RSAC 2020
Ulf Mattsson
203 vues
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
369 vues
Tt 06-ck
Narinrit Prem-apiwathanokul
444 vues
Ransomware protection in loT using software defined networking
IJECEIAES
20 vues
Let's hack your mobile device. Yes we can. And many other do.
DATA SECURITY SOLUTIONS
92 vues
EETimes_Euro_MAX66x40
Hamed M. Sanogo
114 vues
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Denis Gorchakov
761 vues
17 diapositives
Wultra: Mobile Application Security
Wultra
119 vues
30 diapositives
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
1.1k vues
72 diapositives
Why Organisations Need_Barac
Barac
18 vues
19 diapositives
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
RapidSSLOnline.com
247 vues
1 diapositive
The malware monetization machine
Priyanka Aash
170 vues
47 diapositives
Publicité

Plus récents (20)

Nereus Pitch Deck
Masaki Nakada
6 vues
E – Banking.pptx
Vivekananda College, Tiruvedakam West, Madurai - 625234
0 vues
XFS.ppt
DmitryIg
1 vue
Chapter13.ppt
sahilkumar579884
0 vues
Water Analysis.pdf
Dr.Timy Jose
0 vues
Keynote at the 2023 Annual Meeting of the Society for the Neuroscience of Cre...
Rogelio E. Cardona-Rivera
0 vues
PPT Simulasi Kel 3.pptx
sudrs
0 vues
root causes analysis
SandroArcamone
3 vues
how does internet works.pptx
22I334MURUGAVELE
0 vues
Blockchain Introduction - Canada Nov 2017.pptx
Antony Welfare
0 vues
The Importance of Accessibility in Software Design.pdf
Bahaa Al Zubaidi
0 vues
Thierer - Artificial Intelligence Primer - ver 2.2 (March 2023).pdf
Adam Thierer
0 vues
Crypto Developer Locations 2023 by Electric Capital
MariaShen2
447 vues
AI-Act-Impact-Survey_Report_Dec12.2022.pdf
Alfredo Cáceres
3 vues
HDL.pptx
Abdulrahman181781
0 vues
mammography
VanshikaGarg76
0 vues
MDM-SGG_Business_User_Guide_v2_2_0_2.pptx
AdityaDas899782
0 vues
ch02.pdf
surahyo2
0 vues
Auntie LN
AlexLewin7
3 vues
ChatGPT ChatBot
LinconMondal
0 vues
Nereus Pitch Deck
Masaki Nakada
6 vues
12 diapositives
E – Banking.pptx
Vivekananda College, Tiruvedakam West, Madurai - 625234
0 vues
13 diapositives
XFS.ppt
DmitryIg
1 vue
41 diapositives
Chapter13.ppt
sahilkumar579884
0 vues
64 diapositives
Water Analysis.pdf
Dr.Timy Jose
0 vues
46 diapositives
Keynote at the 2023 Annual Meeting of the Society for the Neuroscience of Cre...
Rogelio E. Cardona-Rivera
0 vues
105 diapositives

Webinar: Securing Mobile Banking Apps

  1. 1. Prague Securing Mobile Banking Apps You Are Only as Strong as Your Weakest Link
  2. 2. 10-20% rise in digital banking use across Europe in April 2020 Facts & Numbers 40% of Android users have phones which no longer received security updates
  3. 3. " The digital banking leaders also happen to be the leaders in security.
  4. 4. PIN/Password Policy Secure Networking App Shielding (RASP) Malwarelytics malware protection on Android Transaction Signing (SCA) Security Advisor
  5. 5. PSD2 Strong Customer Authentication Secure Standards for Communications Detecting Signs of Malware Infection Mobile Secure Execution Environment Transaction Risk Analysis Fraud Detection Systems Auditing and Documentation
  6. 6. Money Heist The same thing as always, but digital…
  7. 7. Current Mobile Threats Weak Activation After-Theft Attack Weak RuntimeMobile Malware
  8. 8. 1,2M+ App Samples 0,04% Malware 0,17% Highly Dangerous 1900+ Accessibility 22k+ Screen Override 5k+ SMS Access Mobile Malware
  9. 9. QRecorder(Q4/2018)
  10. 10. StrandHogghttps://www.youtube.com/watch?v=XtabRTVQT6Q
  11. 11. StrandHogghttps://www.youtube.com/watch?v=C7IB62jYf4o
  12. 12. Real App Fake App Mobile Malware
  13. 13. 4major malware attacks in Q1 €100k highest single client loss €500k total cost impact estimates in Q1 Mobile Malware Czech Republic, Q1/2019
  14. 14. Mobile Malware Cerberus Banker Trojan (1/3)
  15. 15. Mobile Malware Cerberus Banker Trojan (2/3)
  16. 16. Mobile Malware Cerberus Banker Trojan (3/3)
  17. 17. Mobile Malware EventBot targets users of over 200 different financial applications, including banking, money transfer services, and crypto-currency wallets.
  18. 18. Malwarelytics
  19. 19. Weak Activation Using an SMS OTP during a mobile app enrollment. Attackers use social engineering to trick users into confirming a new mobile banking activation on their own devices. After an attacker activates mobile banking, the bank account and the user's identity are fully compromised. Mobile app authentication is only as strong as the elements that were used during the activation process.
  20. 20. Weak Activation How to improve activation security? "Slow Channels" "Identity Aging"HW OTP
  21. 21. After-Theft Attack Weak PIN codes and passwords. 4-digit PIN = 10 000 combinations
  22. 22. After-Theft Attack Weak PIN codes and passwords. 11% of users choose "1234" Top 20 PIN codes can open over 25% of all devices. https://www.datagenetics.com/blog/september32012/
  23. 23. After-Theft Attack Weak PIN codes and passwords. Enforce strong PIN codes!→
  24. 24. After-Theft Attack What is a strong PIN code? 1234, 1111, 2222, 3333, …
  25. 25. After-Theft Attack What is a strong PIN code? 1234, 1111, 2222, 3333, … 2468, 1357, 1212, 1313, …
  26. 26. After-Theft Attack What is a strong PIN code? 1234, 1111, 2222, 3333, … 2468, 1357, 1212, 1313, … 1984, 2000, 1968, 1989, …
  27. 27. After-Theft Attack What is a strong PIN code? 2580
  28. 28. After-Theft Attack What is a strong PIN code? 2580 1 2 3 4 5 6 7 8 9 0 Patterns…
  29. 29. After-Theft Attack What is a strong PIN code? 3719 1379 9713 1937 1 2 3 4 5 6 7 8 9 0 Patterns… Patterns…
  30. 30. After-Theft Attack What is a strong PIN code? 6428 4628 6842 2846 1 2 3 4 5 6 7 8 9 0 Patterns… Patterns… Patterns everywhere!
  31. 31. After-Theft Attack What is a strong PIN code? The last safe PIN code! 8068
  32. 32. After-Theft Attack What is a strong PIN code? The last safe PIN code! 8068
  33. 33. Open-Source Freebie! https://github.com/wultra/passphrase-meter
  34. 34. After-Theft Attack Forensic cryptographic data extraction. Built-in security measures in mobile OS can be bypassed. PIN code or cryptographic keys can leak from the memory. Implement cryptography as a low- level C/C++ module with strict memory management. Uses HW backed key storage (SecureEnclave, StrongBox).
  35. 35. Weak Runtime Nothing is guaranteed on a jailbroken/rooted device… To mitigate risks related to compromised devices, implement RASP / App Shielding technology. Your app could have been: → modified by repackaging ("at rest") → modified after connecting a debugger ("at runtime") → modified by a fake system library (framework or native library injection) A ticking time bomb…
  36. 36. " Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs. That's great because it means that modules can work for different versions and even ROMs without any changes…
  37. 37. Weak Runtime On the system level, iOS and Android are equally secure… Dispelling The “Sufficiently Secure iOS” Myth and the Importance of App Shielding on iOS — by Tomáš Kypta https://bit.ly/3gan7V1
  38. 38. Current Mobile Threats Weak Activation After-Theft Attack Weak RuntimeMobile Malware
  39. 39. " The digital banking leaders also happen to be the leaders in security.
  40. 40. Consulting document "Principles of a Secure Mobile Banking on iOS and Android" — by Petr Dvořák
  41. 41. Thank You Petr Dvořák petr@wultra.com Any questions? Tereza Gagnon tereza.gagnon@wultra.com

×