Apps

New Google ‘Interpreter’: Real-Time Translator For Your Mobile

Posted on by Andy Miller

Google has announced the rollout of its “interpreter mode” real-time translator on Assistant-enabled Android and iOS phones worldwide.

A Back and Forth Conversation

Google says that interpreter mode means that you can now use your mobile phone to have a “back and forth conversation with someone speaking a foreign language”. In fact, interpreter mode comes loaded with 44 languages, and since it’s integrated with the Assistant it’s already on your Android phone. Those with iOS can also use interpreter by downloading the latest Google Assistant app.

How To Use It

To operate interpreter mode Google says that all you have to do is say e.g. “Hey Google, be my German translator” or “Hey Google, help me speak Spanish”, after which you’ll be able to see and hear the translated conversation on your phone. Interpreter has some built-in ways to make your foreign language conversations faster and smoother, such as, after each translation, the Assistant presenting Smart Replies, and giving you suggestions that let you quickly respond without speaking.

Interpreter mode offers different ways to communicate which you can use according to your situation e.g. type using a keyboard for quiet environments, or manually select what language to speak.

Other Translation Tools Are Available

Google’s offering is not the only translation tool available for use on mobile devices. There are a number of different apps and services including iTranslate Voice, SayHi, TextGrabber (for reading foreign text), Microsoft Translator, WayGo, and more.

What Does This Mean For Your Business?

A recent EU survey showed that, sadly, only 38% of British people can speak more than one language and this statistic highlights a real need for this kind of service among UK people travelling abroad.

The Interpreter mode could clearly be very useful for business (and personal) trips overseas in removing language barriers. As well as allowing you to hold basic conversations without any personal knowledge of a language, it may prove very useful for things such as researching and checking travel/flight information, finding local restaurants and landmarks, getting recommendations, and holding business conversations which can sometimes involve the use of more complex and specialised words and terms in foreign languages.

The Difference Between Backup and Disaster Recovery

Posted on by Andy Miller

We’re all familiar with the value of making a backup of business data, but how does this fit with ‘Disaster Recovery’ and ‘Business Continuity’ strategies?  This article takes a brief look at how these elements fit together to ensure that businesses can survive, function and get back up to speed when disastrous events (external or internal) pose a serious threat.

Reality

Normal life rules apply to the business environment i.e. things can and do go wrong, and backup and disaster recovery are both based upon this understanding.

Business continuity in the event of a ‘disaster’, is about making sure that your essential operations and core business functions can keep running while the repairs can be made that get you back up to speed.

What Could Go Wrong?

There is a potentially huge range of ‘disasters’ that businesses could make plans to be able to overcome, and even though organisations come in different sizes and have different budgets, the risks they face are generally the same.  Typically, the more obvious ‘disaster’ threats the business include:

  • Hardware failures/server failures.
  • Outages and/or file corruption
  • The effects of cyber-attacks.  For example, 53% of senior managers believe that a cyber-attack is the most likely thing to disrupt their business (Sungard AS 2019) and the effects could include damage to / locking out of systems (malware and ransomware), fraud and extortion, data breaches (which could also attract fines under GDPR, damaging publicity and loss of customers).
  • Environmental/natural disasters e.g. fire and flood.
  • Important 3rd supplier failure or the loss of key employees.
  • Failures of part / a component of a network e.g. as highlighted by recent problems with banking and airline industry services.
  • Theft or loss of equipment holding company data.

Backing Up Your Data – Where To Store It

When it comes to backups, security, integrity, cost, scalability, complying with legislation, your own business plans, and ease of daily use are all considerations.  Where / how to store backed-up data is a decision tackled differently by different companies.  In the UK, GDPR (the data protection regulations) should be taken into account in these decisions.  Places to back up data could include:

  • On-site – storing data in the same location e.g. on an external hard drive in the workplace.  Although the data backup is close to hand, this is not a particularly secure solution and in the event of flood/fire/theft disasters, your data would be gone.
  • Off-site – taking the data away on a hard drive or another physical storage medium.  This means it’s less at risk from local issues (e.g. loss, theft, damage) but could mean it takes longer to restore data .
  • Online – backing up your data on hosted servers (in the cloud) and accessing them through an application. This is now becoming the preferred method for most businesses as it is convenient and fast (if you have an Internet connection) and it cuts out many of your on-site potential disaster risks (fire, flood, loss and damage of physical storage media).

Some businesses prefer to use a ‘hybrid’ cloud backup to help address any vulnerabilities that cloud-only or local-only backup solutions have.

There are many dedicated online backup solutions available e.g. IDrive Business, Backblaze Business, Carbonite Safem, or larger solutions for businesses with much bigger data backup requirements.

Backup Decisions

Taking regular, secure backups of your business data is an important part of good practice.  It is also an important element of disaster recovery and the business continuity process.

There are several types of backup that businesses need to make decisions about.  These include whether, if/when and how to make:

  • A full backup – one that covers every folder and file type and typically takes a long time.
  • An incremental backup – the first back up is a full one, followed by simply backing up any changes made to the previous backup.
  • A differential backup – similar to an incremental backup, requires more storage space but has a faster restore time.
  • A mirror backup – an exact copy of your data that has the advantage of removing the obsolete files each time.
  • An Image-based backup – captures images of all data and systems rather than just copying the files.
  • A clone of your hard drive – similar to imaging and creates an exact cloned drive with no compression.

In reality, many businesses make use of many different types of backup solutions at the same time.

Business Continuity, Backup Decisions and Disaster Recovery

Accepting that disasters happen and that you can plan how to maintain business continuity while you deal with them (using a disaster recovery plan) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of a disaster (business continuity) involves planning, an important part of which is the disaster recovery plan (DRP).  Creating this plan is usually an interdepartmental process, which is often led by information technology.

RTO & RPO – Linking Backups To Your DRP.

There are two metrics you can use to help you to make data backup decisions that relate to your DRP.

The Recovery Time Objective (RTO): the recovery window / how long (time) the business realistically has to recover from a disaster before there are unacceptable consequences.

The Recovery Point Objective (RPO): how far back (the maximum tolerable period of time) your organisation needs to go in recovering data that may have been lost due to a disaster.

By working out these time periods (particularly RPO), it can help you to decide upon the frequency of backups, which backup methods are most suitable and preferable to you e.g. the need to go back longer periods may favour online backups, and businesses with  large quantities of valuable historic data may struggle with a short RTO (which may require tiered data recovery).

In today’s business environment it is worth bearing in mind that your customers are not likely to be very tolerant of downtime, so recovery windows now need to be as short as possible. Many businesses, therefore, simply opt for a daily backup.

Disaster Recovery Plan

At the heart of your business disaster recovery strategy should be the disaster recovery plan (DRP) which should provide step-by-step workable instructions to ensure a fast recovery.  A DRP should be tested and kept up to date to ensure that it will work in reality in the event of a disaster and typically includes elements like:

  • A plan for roles and communications, detailing employee contact information and who’s responsible for what following the disaster.
  • A plan to safeguard equipment e.g. to keep it off the floor, wrapped in plastic away from flooding.
  • A data continuity system that details what the business needs to run in terms of operations, finances/accounts supplies, and communications.
  • Checking that your data backup regime is working, and that very recent copy is stored in a secure place but would be easily and quickly accessible when needed.
  • An asset inventory, including photos where possible, of the hardware (workstations, printers, phones, servers etc) reference for insurance claims after a major disaster.
  • Keeping (up to date) documentation that lists all vital components of your IT infrastructure, hardware and software, and a sequence of what needs to be done to resume business operations with them.
  • Photos showing that the hardware was in use by employees and that care had been taken to minimise risk e.g. items were off the floor (e.g. to avoid flood damage).
  • A supplier communication and service restoration plan so that you quickly restore services and key supplies after the disaster.
  • Details of a secondary location where your business could operate from if your primary location was too badly damaged in a disaster.
  • Details of the testing, optimisation and automation of your plan to ensure that it could be implemented quickly, as easily as possible, and free from human error.

Putting The Pieces Together

The basic difference between a backup and disaster recovery, therefore, is that a backup is having a copy of your data, and disaster recovery is the whole strategy to recover your business operations and essential IT environment in the event of a serious event e.g. cyber-attack, equipment failure, fire or flood.

Creating a DRP involves completing a risk assessment and business impact analysis in order to identify critical applications and services, and it is from here that your business can then create its own tailored RTOs and RPOs which in turn, will link to your backup strategy and cycles.

Backups are essential files that enable a full restore, and as such are an important element of ongoing good practice and of your DRP, and your backup should relate strongly to the underlying strategy of disaster recovery.

One thing is certain about backup and disaster recovery which is that having no plan for either is means planning to fail.

The Battle Between ‘Slack’ and ‘Teams’

Posted on by Andy Miller

With Microsoft’s announcement that it’s Teams product has 20 million daily active users (and growing), sending Slack’s share price downwards (Slack has 12 million users), the battle is well underway in the $3.5 billion chat-based collaborative working software market.

What Is Slack?

Slack, launched in 2013, is a cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS and Android, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. Slack was intended to be an organisational communication tool, but it has gradually morphed into a community platform i.e. it is a business technology that has crossed over into personal use. Slack recently introduced an “email bridge” into its platform that will allow those who only have email to communicate with Slack users.  Back in May last year, ‘Slack’ introduced a new ‘Actions’ feature that made it easier for users to create and finish tasks without leaving by having access to more 3rd party tools.

In October this Year Slack announced that it has 12 million daily active users, which is 2 million increase since January.

What Is Teams?

Teams, announced in November 2016 and launched by Microsoft in 2017, is a platform designed to help collaborative working and combines features such as workplace chat, meetings, notes, and attachments. Described by Microsoft as a “complete chat and online meetings solution”, it normally integrates with the company’s Office 365 subscription office productivity suite. In July 2018, Microsoft introduced a free, basic features version of Teams which did not require an Office 365 account, in order to increase user numbers and tempt users away from Slack.

Microsoft Teams is also the replacement for Skype for Business Online, the support for which will end on 31 July 2021, and all new Microsoft 365 customers have been getting Microsoft Teams by default from 1 September 2019.

Share Tumble For Slack

Slack’s share value fell earlier this year after it announced that its projected sales growth would be lower for the second half of the year. Slack became a publicly-traded company on the New York Stock Exchange in June, and investors have been saying that it will need to maintain an impressive growth rate to compete against competitors like Microsoft (with Teams), Alphabet (Google) and Facebook.

The recent announcement by Microsoft that Teams has 20 million daily active users compared to Slack’s 12 million and has increased daily active users by more than 50% from June caused another downward push on Slack’s share value.

Slack’s Challenge – To Get More Large Paying Customers

Slack, which enjoys popularity in the U.S corporate workplace has been trying to emphasise that it is not just a chat/messaging app, but that it can connect to companies’ other applications in a way that can streamline workflows and aid real value addition and savings.  Slack is, however, facing a challenge in convincing big businesses that it is worthy, paid-for alternative to its more well-known competitors, and according to Bloomberg Intelligence analyst Andrew Eisenson, less than 1% of Slack’s customer base are large customers that spend more than $100,000 a year. One of the problems that Slack has is that although large companies in the US use it and like it, they currently have a free version, so Slack will have to convince them to upgrade to the paid-for version.

Despite having lower user numbers than Teams, some tech commentators have noted that Slack has stickiness and strong user engagement which help to attract businesses that want to get into using workstream collaboration software.

What Does This Mean For Your Business?

Microsoft has the advantage of a very well-known and trusted brand with huge reach, Teams already integrates with Office 365’s subscription office productivity suite, and there’s now a free version that doesn’t even require an Office 365 account.  Also, Teams is set to replace Skype for Business Online next year, and Microsoft has made sure that Skype for Business Online customers know that Microsoft’s investment and interoperability will make the migration to Teams a fairly painless one.

All this means that Teams appears to be in a very good position to continue what has been a rapid growth this year, and despite Slack’s positive features, Slack will have to fight hard to get big businesses interested in order to compete.

For users, there are now several good collaborative working services to choose from, but at the present time, the facts that investors don’t know when Slack is going to be profitable, coupled with a fall in revenue have led some commentators to think that Teams is looking as though it could come out on top.

Google Or Samsung Android Cameras Could Be Spying On You

Posted on by Andy Miller

Researchers at Checkmarx say they have discovered vulnerabilities in Google and Samsung smartphone apps that could allow hackers to remotely spy on users using their phone’s camera and speakers.

Study

The proof-of-concept (PoC) study results, highlighted on the Checkmarx blog reveal how the Checkmarx Security Research Team cracked into the apps that control android phone cameras (firstly using a Google Pixel 2 XL and Pixel 3) in order to identify potential abuse scenarios.

The team reported finding “multiple concerning vulnerabilities” (CVE-2019-2234) which stemmed from “permission bypass issues”.  The team later found that camera apps from other vendors i.e. Samsung are also affected by the same vulnerabilities.

The Checkmarx team have since shared a technical report of their findings with Google, Samsung, and other Android-based smartphone OEMs to enable those companies to find fixes.

What Could Happen?

According to Checkmarx, the vulnerabilities mean that a hacker could use a rogue application (that has no authorised permissions) to take control of another person’s Android phone camera app.  This could allow the attacker to take photos and/or record videos as well as to gain access stored videos and photos, GPS metadata embedded in photos, and even to locate the user by taking a photo or video and parsing the proper EXIF data.

The researchers also found a way to enable a rogue app to force camera apps to take photos and record video even when a phone was locked or the screen is turned off, or when a user was is in the middle of a voice call.

One particularly worrying aspect of the Checkmarx findings is that if the video can be initiated during a voice call the receiver and the caller’s voices can be recorded.  This could allow eavesdropping that could enable an attacker to discover potentially sensitive personal data or to gather information that could be used for extortion.

Google

According to Checkmarx, after they shared their findings with Google, the Checkmarx team were notified by Google that the vulnerabilities weren’t confined to the Google Pixel product line but also extended to products (Android) by other manufacturers.  For example, Samsung also reportedly acknowledged that the flaws impact their Camera apps and said that they had begun taking mitigating steps. Checkmarx reports that Google has said that the problem has now been addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. Also, a patch has been made available to all Google partners.

What Does This Mean For Your Business?

It is very worrying that hundreds-of-millions of smartphone users may have been facing a serious privacy and security risk without being aware of it.  For business users, this may have left them open to industrial espionage and security threats, although there is no evidence that real hackers have exploited the vulnerabilities prior to them coming to light.

When it comes to smartphone apps, the best practice is to ensure that all apps on your device are kept updated. Other defensive actions you can take regarding your phone apps include checking the publisher of an app, checking which permissions the app requests when you install it, and deleting any apps from your phone that you no longer use.  It’s also now important to be aware of the threat posed by fake apps, and you may wish to contact your phone’s service provider or visit the high street store if you think you’ve downloaded a fake malicious/suspect app.

Tech Tip – Snip & Sketch

Posted on by Andy Miller

If you need to be able to quickly grab areas of your screen, annotate them and share them, Windows 10 has an easy to use Snip & Sketch app.

To use Snip & Sketch:

– Hold down the Windows key + Shift + S to bring up a snipping toolbar.

– Snip the required area of your screen which will then be automatically loaded to your clipboard.

– You will then receive an invitation (bottom right of the screen) to mark up and share the image you’ve clipped. Click on the words ‘Select here’.

– This will load the Snip & Sketch app.

– Annotate your image with the pen symbols and click on the save or share icons (top right).

Microsoft Announces New, Integrated ‘Office’ Suite App For Mobile Devices

Posted on by Andy Miller

Microsoft has announced that it is working towards the launch of its ‘Office’ mobile app (currently only available in public preview) which integrates Word, Excel, and PowerPoint mobile apps into a single app.

The ‘Office’ Vision

Microsoft says that the mobile app, called simply ‘Office’, represents their vision for what a productivity solution would look like if first built for mobile devices.

The idea is that users have all their Office documents together in one place, can reduce the need to switch between many different apps, and can reduce the amount of space that they use on their phone compared to multiple installed apps.

“Simple, Integrated Experience”

The ‘Office’ app is intended to provide users with what Microsoft describes as a “simple, integrated experience”.

The app combines Word, Excel, and PowerPoint, access to recent and recommended documents stored in the cloud or on a user’s device, the ability to search for documents across a user’s organisation if using a work account, and easy access to Sticky Notes e.g. for reminders and writing down ideas.

What Can You Do?

Microsoft’s Tech Community web pages say that users of ‘Office’ will be able to create content “in uniquely mobile ways” such as snapping a picture of a document and turning it into an editable Word file with just the press of a button or transforming a picture of a table into an Excel spreadsheet so that users can quickly work on the data. Also, a new Actions pane in the app will enable users to complete tasks such as creating PDFs with their camera and signing PDFs just by using their finger or scanning QR codes to open files and links.

Public Preview and Only On Phones

The Office app is currently available in public preview for Android and iOS, can be downloaded and used for free, and doesn’t require a sign-in to use it.  Those with work, school, or personal Microsoft Accounts can, however login and gain access to their files stored in the cloud via the app.

Microsoft has said that it will continue to support and invest in the existing Word, Excel, and PowerPoint mobile apps (‘Office’ isn’t replacing them), and that the new ‘Office’ app is currently only available for phones, although plans are afoot to extend this to tablets.

What Does This Mean For Your Business?

Back in February, Microsoft announced its new, free “Office” app for Windows 10 as an update to the former My Office app, and as a way for those who do have a 365 subscription and have Microsoft’s apps installed on their device to open Office from the Office app, and those who don’t have a subscription to be automatically directed to the online version.  This latest announcement of the preview stage, available to all, soon-to-be-launched ‘Office’ mobile app is a progression of Microsoft’s move to publicise, raise awareness about, and get more people using its (free) versions of Office.  This will also help Microsoft adapt and compete with rivals, such as Google, and appeal to business and other existing Microsoft Office users who are now used to being able to carry out most of their business on-the-go with mobile devices and apps.  Some of the features, such as taking a picture of a document and turning that into an editable file are likely to add value for many business users who are spending less time at the desktop.

The new app could mean time-savings (not switching between multiple apps), convenience and greater leverage of mobile capabilities for users, and for Microsoft, it offers them a way to keep existing users loyal to their OS and Office Suite, gain new users, and stay competitive in a rapidly evolving mobile working market.

“Stalkerware” Partner-Spying Software Use Rises By 35% In One Year

Posted on by Andy Miller

Kaspersky researchers have reported a 35 per cent rise in the number of people who have encountered the use of so-called ‘stalkerware’ or ‘spouseware’ software in the first 8 months of this year.

What is Stalkerware?

Stalkerware (or ‘spouseware’) is surveillance software that can be purchased online and loaded onto a person’s mobile device. From there, the software can record all of a person’s activity on that device, thereby allowing another person to read their messages, see screen activity, track the person through GPS location, access their social media, and even spy on the mobile user through the cameras on their device.

Covert, Without Knowledge or Consent

The difference between parental control apps and stalkerware is that stalkerware programs are promoted as software for spying on partners and they run covertly in the background without a person’s knowledge or consent.

Unlike legitimate parental control apps, such programs run hidden in the background, without a victim’s knowledge or consent. They are often promoted as software for spying on people’s partners.

Most Stalkerware needs to be installed manually on a victim’s phone which means that the person who intends to carry out the surveillance e.g. a partner, needs physical access to the mobile device.

Figures from Kaspersky show that there are now 380 variants of stalkerware ‘in the wild’ this year, which is 31% more than last year.

Most In Russia

Kaspersky’s figures show that this kind of surveillance software is most popular in Russia, with the UK in eighth place in Kaspersky’s study.

What Does This Mean For Your Business?

Unlike parental control apps which serve a practical purpose to help parents to protect their children from the many risks associated with Internet and mobile phone use, stalkerware appears to be more linked to abuse because of how it has been added to a device without a user’s consent to covertly and completely invade their privacy.  This kind of software could also be used for industrial espionage by a determined person who has access to a colleague’s mobile phone.

If you’d like to avoid being tracked by stalkerware or similar software, Kaspersky advises that you block the installation of programs from unknown sources in your smartphone’s settings, never disclose the passwords/passcode for your mobile device, and never store unfamiliar files or apps on your device.  Also, those leaving a relationship may wish to change the security settings on their mobile device.

Kaspersky also suggests that you should check the list of applications on your device to find out if suspicious programs have been installed without your consent.

If, for example, you find out that someone e.g. a partner/ex-partner has installed surveillance software on your devices, and/or does appear to be stalking you, the advice is, of course, to contact the police and any other relevant organisation.

Amazon Echo and Google Home ‘Smart Spies’

Posted on by Andy Miller

Berlin-based Security Research Labs (SRL) discovered possible hacking flaws in Amazon Echo (Alexa) and Google Home speakers and installed their own voice applications to demonstrate hacks on both device platforms that turned the assistants into ‘Smart Spies’.

What Happened?

Research by SRL led to the discovery of two possible hacking scenarios that apply to both Amazon Alexa and Google Home which can enable a hacker to phish for sensitive information in voice content (vishing) and eavesdrop on users.

Knowing that some of the apps offered for use with Amazon Echo and Google Home devices are made by third parties with the intention of extending the capability of the speakers, SRL was then able to create its voice apps designed to demonstrate both hacks on both device platforms. Once approved by both device platforms, the apps were shown to successfully compromise the data privacy of users by using certain ‘Skills and actions’ to both request and collect personal data including user passwords by eavesdropping on users after they believed the smart speaker has stopped listening.

Amazon and Google Told

SRL’s results and the details of the vulnerabilities were then shared with Amazon and Google through a responsible disclosure process. Google has since announced that it has removed SRL’s actions and is putting in place mechanisms to stop something similar happening in future.  Amazon has also said that it has blocked the Skill inserted by SRL and has also put in preventative mechanisms of the future.

What Did SRL’s Apps Do?

The apps that enabled the ‘Smart Spy’ hacks took advantage of the “fallback intent”, in a voice app (the bit that says I’m sorry, I did not understand that. Can you please repeat it?”), the built-in stop intent which reacts to the user saying “stop” (by changing the functionality of that command after the apps were accepted), and leveraged a quirk in  Alexa’s and Google’s Text-to-Speech engine that allows inserting long pauses in the speech output.

Examples of how this was put to work included:

  • Requesting the user’s password through a simple back-end change by creating a password phishing Skill/Action. For example, a seemingly innocent application was created such as a horoscope.  When the user asked for it, they were given a false error message e.g. “it’s not available in your country”.  This triggered a minute’s silence which led to the user being told “An important security update is available for your device. Please say start update followed by your password.” Anything the user said after “start” was sent to the hacker, in this case, thankfully, SRL.
  • Faking the Stop Intent to allow eavesdropping on users. For example, when a user gave a ‘stop’ command and heard the ‘Goodbye’ message, the app was able to continue to secretly run and to pick up on certain trigger words like “I” or words indicating that personal information was about to follow, i.e. “email”, “password” or “address”. The subsequent recording was then transcribed and sent back to SRL.

Not The First Time

This is not the first time that concerns have been raised about the spying potential of home smart speakers.  For example, back in May 2018, A US woman reported that a private home conversation had been recorded by her Amazon’s voice assistant, and then sent it to a random phone contact who happened to be her husband’s employee. Also, as far back as 2016, US researchers found that they could hide commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed commands directly into recordings of music or spoken text.

Manual Review Opt-Out

After the controversy over the manual, human reviewing of recordings and transcripts taken via the voice assistants of Google, Apple and Amazon, Google and Apple had to stop the practice and Amazon has now added an opt-out option for manual review of voice recordings and their associated transcripts taken through Alexa.

What Does This Mean For Your Business?

Digital Voice Assistants have become a popular feature in many home and home-business settings because they provide many value-adding functions in personal organisation, as an information point and for entertainment and leisure.  It is good news that SRL has discovered these possible hacking flaws before real hackers did (earning SRL some good PR in the process), but it also highlights a real risk to privacy and security that could be posed by these devices by determined hackers using relatively basic programming skills.

Users need to be aware of the listening potential of these devices, and of the possibility of malicious apps being operated through them.  Amazon and Google may also need to pay more attention to the reviewing of third party apps and of the Skills and Actions made available in their voice app stores in order to prevent this kind of thing from happening and to close all loopholes as soon as they are discovered.

Banking App Fraud On The Rise

Posted on by Andy Miller

A recent report from cyber-security company RSA has highlighted a significant rise in fraud via fake banking apps.

Number of Attacks Has Trebled

The Fraud and Risk Intelligence (FRI) team at RSA have noted a tripling of the number of fraud attacks via fake mobile banking apps in the first six months of this year with rogue mobile app fraud generally up by a staggering 191 per cent.

Fake Mobile Apps Exploit Digital Finance Trust

Not only did the 40,344 fraud attacks represent a 63 per cent rise, but 29 per cent of those attacks were recorded as coming from fake mobile apps.

In fact, the report identified an 80 per cent rise in the use of financial malware in the first half of this year, highlighting how cyber-criminals are using the transformation of finance to the digital world and the increasing trust of users in financial apps and digital financial transactions as a way in.

Changing

Tech and finance commentators have noted that as companies offer more convenient digitised financial initiatives to customers e.g. open banking, and as this has necessitated customers engaging in more digital touchpoints, it has led to a widening of the potential ‘attack surface’ that criminals can take advantage of.

Could Banks Do More?

An Immuniweb report from August this year noted that a massive 98 per cent of the world’s100 leading financial technology (fintech) startup companies are vulnerable to web and mobile app attacks, and that 97 of the 100 largest banks are also vulnerable to web and mobile attacks which could facilitate a breach of sensitive data.

The Immuniweb report also highlighted mobile financial apps as being a problem area with all mobile apps tested showing at least one ‘medium risk’ security vulnerability, and 97 per cent having at least two medium/high-risk vulnerabilities. The tests also showed that over 50 per cent of mobile app backends have serious SSL/TLS misconfigurations or privacy issues which could be traced to not having robust-enough web server security.

This has led to some speculation that banks and other financial organisations could be doing more to help close potential security loopholes in their apps, thereby offering better protection to customers.

What Does This Mean For Your Business?

Mobile apps offer banks and other financial organisations a way to offer convenience and added value to their customers who want to be able to manage their finances on the go. However, legitimate app security problems, a proliferation of fake/rogue financial apps and a widening of the potential attack plane that this brings to consumers who increasingly trust their finances to mobile digital transactions have increased the attack plane and the risks that businesses and consumers face.

As users of banking and other financial apps, we can help protect ourselves by sticking to some basic security procedures such as not clicking on links in unfamiliar messages or texts (to avoid loading malware), keeping a close eye on our bank transactions, and by being very cautious when downloading apps of any kind. For example, to minimise the risk of falling victim rogue/fake apps, you should check the publisher of an app, check which permissions the app requests when you install it, delete any apps from your phone that you no longer use, and contact your phone’s service provider or visit the high street store if you think you’ve downloaded a malicious/suspect app.

Tech Tip – Any.do

Posted on by Andy Miller

Any.do is an award-winning to-do list, calendar, planner and reminders app that can help you to increase your productivity and stay on top of things.

The app allows you to add tasks and manage shared projects, and to create a prioritised to-do list that you can actually stick to.

The app also gives you classic, location-based, recurring, missed call, and follow-up meeting reminders, while providing a calendar that can be turned into a powerful productivity tool.  You can also use hands-free to add tasks and voice commands to manage your to-do lists.

The Any.do app is available on the Google Play Store and on Apple’s App Store.