Any software can be hacked, and mobile banks are a particularly painful case. Still, things are not so scary if you follow the rules of digital hygiene. Life explains what to do so that you do not become a victim of hackers and lose all your money.
Mobile banks are vulnerable to hacking. Especially on Android
Positive Technologies experts examined mobile banking applications and found that fraudulent transactions and theft of funds are possible in every second mobile bank. None of the mobile banking applications studied has an acceptable level of security. Both the client and the server parts of banking applications are at risk.
For the client side of applications, the main threat is possible access to user data. 43% of applications store important data on the mobile device in cleartext. At the same time, 76% of vulnerabilities can be exploited without physical access to the device, and more than a third of vulnerabilities do not require administrative rights.
In the iOS versions of mobile banks, no vulnerability was rated above medium risk. For the Android versions the situation is worse: 29% of applications contained high-risk vulnerabilities. Android applications have a wider range of features, and this is the main reason they have more vulnerabilities than their iOS counterparts.
We all use mobile banks. And we all need to be careful not to lose money. Let’s figure out how to do it.
Digital hygiene. Watch what you download and from where
To exploit 87% of vulnerabilities, a hacker needs some kind of user action. Installing malicious software or clicking on dubious links can lead to a loss of money. So, in order not to be left with nothing, you first need to remember digital hygiene.
Malicious software is what helps steal your money. It is important that it does not get on your smartphone.
Install applications mainly from official online stores. On iOS, downloading from third-party sources is prohibited in principle; on Android, the official stores are Google Play and the manufacturer's own store, which in the case of Huawei and Honor is AppGallery.
There are exceptions on Android: not all official software is offered on Google Play. For example, the game Fortnite is only available in AppGallery from Huawei and Honor. If your phone does not have this store, the game can be installed through the Epic Games Store, which is downloaded to the smartphone's memory via a browser.
In this case, you need to allow the browser to download files for installing applications; the system itself will offer to do this.
Installing files from third-party sources works as follows:
Click on the APK file. The system will ask you for permission for the browser to install software from unknown sources.
Allow the browser to do this.
Once you have installed the desired file, disable the ability to download software from unknown sources. To do this, follow these steps:
Go to “Settings” -> “Security” -> “Installation from an unknown source.”
You will see a list of programs that can do this. Revoke access for all of them and grant it only when necessary.
Keep an eye on WhatsApp. It can download a virus without your involvement
Messengers are another way for malicious software to get onto your phone and access data and applications, mobile banks in particular. The smartphone of Amazon founder Jeff Bezos was hacked via a WhatsApp message from the Prince of Saudi Arabia, Mohammed bin Salman. According to The Guardian, the prince sent him a malicious file that allowed attackers to infiltrate the smartphone and gain access to data.
It is even easier to pick up a virus and lose data through a messenger. By default, messengers are given access to storage, and files are downloaded automatically. It is important to follow two rules: do not download documents from unknown senders, and restrict automatic file downloads.
In WhatsApp for Android, this is done as follows:
Go to “Settings” -> “Data and Storage” -> “Media auto-download”.
The messenger can download four types of files on its own: photos, videos, audio and documents. To protect yourself from hacking, turn off automatic download of the latter.
Do not use the bank app while connected to public Wi-Fi
An Internet connection is safe if a password is set on it. A public Wi-Fi network is usually not password protected, which means it is not secure. By using such networks, you expose yourself to the risk of losing data from your devices: not only photos or text files, but also application passwords.
So, when you enter a password in the mobile bank application, that password can be stolen. It is therefore not recommended to open the bank application while connected to such a network.
Keep money in different banks
87% of vulnerabilities require some action by the owner of the smartphone, so hackers are unlikely to gain access to your wallet. Still, it is worth being prepared for such a scenario.
The easiest way is to keep money in several banks, says an expert at Group-IB.
“I have a salary card, but I have a card for daily spending. So, if fraudsters break into the card of one bank, then the second card will be protected,” the specialist said.
It is important that the cards are in different banks, not in one. If you have several cards but only one bank, then opening more than one for security purposes makes no sense.
“If you were banned for a simple card of one bank, then attackers will get access to the second card of the same bank with a minimum of effort,” the Group-IB expert noted.