Posted by & filed under Ecommerce, M-commerce, Security, Software.

Description:  Mobile devices are becoming bigger targets for malware creator


Date: Oct 14, 2010

In early 2009, Citigroup (C) launched a new mobile banking application for the iPhone. It let customers check their account balances and pay bills while on the go. Thanks to a bit of sloppy code, it also could have let hackers access the banking information for 118,000 customers who downloaded the app.

This story has a happy ending—Citi discovered the security flaw in June, before hackers could exploit it, and the bank says no customer lost money. However, experts say hackers may be quicker to exploit shoddy coding the next time around.   Click here for rest of story

Questions for discussion:

  • Comment on the quote “ The bad guys follow the money” in relation to m-commerce.
  • Who should be responsible for security protection on smartphone apps, hardware makers or software makers?
  • Does Apple have an advantage in relation to other smartphone venders in regards to protecting clients from malware? Why?

18 Responses to “Smartphone Apps Go (Truly) Viral”

  1. Krystle Hurley

    I agree with the quote “the bad guys follow the money.” I believe that m-commerce is particularly vulnerable to crime because it lacks the physical aspect found in other types of crime; it is difficult to actually physically witness a crime being committed with respect to m-commerce. In addition to this, m-commerce is a rapidly growing facet of electronic business and with new technology comes new ways to exploit that technology.

    I believe that both hardware and software developers should be responsible for security protection. Hardware makers should have the primary responsibility of making sure that their product is safe and secure for consumers, but at the same time software developers should also have a responsibility to make sure the software that they create is safe as well. The issues of security protection on phones is large enough that a joint effort must be made.

    I believe Apple does have an advantage over other smartphone vendors because everything implemented into their phones is done by Apple itself. This makes it easier to coordinate all of the facets of smartphone production and also ensures consistency and compatibility throughout these facets.

  2. Dustin Moore

    I agree with the quote about following the money because if you are a smart criminal this is the way you should be stealing. Without having to put yourself in the position where it is easy to be caught like robbing a bank. Without security software it is an easy opening for criminals to come and take peoples money with them not even knowing it. I think both hardware and software companies should be dealing with this security. If smart phones are taking over from laptops they should learn from apple, who puts there own security on there computers and prevents hackers from getting on there accounts, but there is still the opportunity for these computers to use security software from other companies. If phones want to be as secure as the apple computers they will need to figure out a system to have the hardware.

  3. Nathan Cornell

    First, “Bad guys follow money” in relation to m-commerce is a statement that will prove to be true. If companies like google do not test their apps before they release them they are extremely vulnerable to hackers who can use this information for their personal gain financially. I think software makers should be responsible for app security. Selling a product with known holes in it is setting your consumer up to be exploited. This could create terrible PR for the company and eventually decrease sales. Apple has an advantage in that it does test its apps, so instills a sense of security within the customer.

  4. Erika

    I think that if there is even a slight hole in the security coverage on a smart phone, hackers will find a way to take advantage of the situation. I think that hackers will definitely aim to steal from this type of technology because it is a crime that is not as easily tracked. I personally would not do any banking on a smart phone unless I was 100% sure that all of my personal information was secure; with this being said, I agree that the future will bring big business for the makers of antivirus software. Our society values convenience, meaning we will pay the extra amount of money for the ability to securely bank while on the go.

  5. Shawna MacDonald

    “The bad guys follow the money” – money is probably the most lucrative motivation. If you think about it, the way people are best motivated is by money. Isn’t that why we go to school? So we can make more money in the future. Scams are becoming excessively common as an easy way for someone to make a buck. Therefore, as consumers, we should be concerned with our privacy in any technology we use, whether it be the internet, credit cards, or mobile phones. I could never see myself using a mobile application to do my banking, the idea of it is too sketchy. I think that software companies should be more responsible in protecting clients from malware because it is their software that enables hackers to gain information from clients and cause the problems. If they made an approval process of some sort such as Apple before the app was readily available on the market that would be very beneficial. The only problem I can see is, especially with the Android phones, is that Google only manufactures the software and not the hardware – and it more likely than not that if someone’s banking information was put at risk that they would blame the hardware and not the software manufacturer. Therefore it is important as hardware manufacturers to ensure satisfaction with the security of the software you are putting on your devices.

  6. Mark Anderson

    The quote “the bad guys follow the money” means that if there is money being used there will be people there trying to steal it. This is true for m-commerce because people are using their smart phones for banking transactions so there will be people there trying to steal it. This might turn into an even bigger problem because no person has to physically be there to take the money. It think it should be the software makers’ responsibilities to provide security for Smartphone apps. It is also in their best interest to provide security for their apps. They want consumers to use their apps and the only way they will is if the people know that the apps are going to keep their personal information safe.

  7. TracyF

    I was not aware of the importance of security software for smartphones. My smartphone is at the point of malfunction that I don’t dare to try anything advanced with it (like banking). That said, when I get my new smartphone I will be much more careful. I do believe the responsibility for security protection on smartphone apps lies with everyone involved – the hardware makers, software makers, AND users! Hardware makers must do everything they can to make a phone that is difficult for hackers / malware creators to access. Software designers must incorporate security into all apps, not just banking ones, for user safety. And finally, users must be aware of what they’re downloading and be responsible enough to check any bank apps / accounts for mysterious activity. And now that I see the need for smartphone security, I definitely see an opportunity for companies such as McAffee and Norton to get involved and make some money.

  8. Addison Rickaby

    “The bad guys” are just as aware of the current obsession with smart phones as we are. Everybody wants to do more, all the time, from the palm of their hand; including banking. Who wants to consume their time traveling to their nearest branch to do make simple banking transactions? When you can access your banking info, make money transfers, and even deposit a cheque, all with your smart phone. With this realization comes the need for apps to become more secure and enable us users to use these functions safely and with ease. There is a huge market for criminals to make money by stealing or hacking through the use of apps. This in turn, generates the huge potential for security companies to capitalize on smart phone based security software.

  9. brett s

    As an owner of the I phone, I can vouch to the practicality of all the apps and different functions that it has to make our lives easier. Its like carrying a mini computer in your pocket all day and who wouldnt want that? I believe that sooner or later programers will make a costly mistake in their software or hardware and hackers will take advantage of this and exploit it. Most people that rely on their smartphones to do banking, email, etc. can possibly be in danger, but untill there is a hacking pandemic that we can all blame on programmers lack of protecting us from hackers and not our own nievety, we will continue to use these smart phones to make our lives easier.

  10. Chelsey Kitaguchi

    The quote “the bad guys follow the money” is just trying to reinforce the fact that hackers are now interested in m-commerce activities, and that users have to watch out for them.
    As for responsibility of security, I feel that it is the same situation for phones as it is for computer security. Computer users that are willing to pay big bucks for security systems will most likely go many years without any technical hacker problems. I feel that users have to be just as suspicious of downloads on their phones as they do on their computers. If the website seems “sketchy”, don’t download it. I believe that security companies like McAfee will be able to get a great deal of profits from opening its market up to mobile users. I also think it is really smart of Apple to review its apps before allowing users to download them. Users will feel safe, and therefore more willing to buy more and more apps, whereas others may only buy and download a fair few that they are 100% sure are safe. Overall, I think that m-commerce is going to explode to the same degree as computers are in, and users need to start thinking of their phones as tiny computers, and go to the same lengths of protection for both pieces of technology.

  11. Jo-Anne

    What an interesting and though-provoking article! I think it is sad that some people in our society like to hack into computer systems (including mobile systems) and like to spy on users of these systems or access data on these systems they are not authorized to. I think it is sad that hackers direct malicious programming code to PCs and to mobile computer systems, such as smartphones.

    This article speaks of a Chinese security company finding an Android application that “posed as a restaurant tip calculator but also forwarded user’s text messages to hackers”. This article speaks of other hackers maliciously programming mobile phones to automatically call “premium rate phone numbers … racking up big bills” for the phones’ users. I think that these and other hacking examples are sad, indeed.

    I applaud companies such as McAfee, Symantec, SMobile Systems, and Lookout for striving to help mobile computing devices be more secure than they otherwise might be. I think some of the methods used by these companies to help with computer system security are fascinating — e.g., use of GPS systems to help locate lost phones, and remotely wiping data from lost phones. Neat! I wish these companies the very best with their endeavours.

    This article suggests that Apple systems might be less vulnerable to viral attacks that PCs, because Apple presumably checks their application more vigilantly before opening them up for wide-spread use. I would have to research this interesting issue in more depth before I could say anymore about whether PCs are more vulnerable to viral attacks than Apple system. I suspect that if I were to conduct such research, I would most likely find that Apple systems are less vulnerable to hacking in some situations, and are equally as vulnerable as PCs, if not more vulnerable, in other situations.

    I think this one are “must reads” for anyone using mobile technology in our society — security is an issue surrounding all computer systems afterall, and is important for computer users to become educated about.

  12. Jerica F

    I think that any place you use personal information should have security. When you go to a bank machine, you make sure no one sees your pin number as you put it in or when you use a debit machine at a store. When your online, whether it be on your computer or on a smartphone, you should have security. If you willing to put your personal information in the hands of someone else for security purposes then you run the risk of being hacked. All software has issues for one reason or another and security software is no different. The easiest way to prevent yourself from being hacked for your information is to not use your phones or computers to do banking, purchasing, etc. Go to an actual bank and talk with the teller, go to an actual store and purchase your goods. I have a smart phone and I do not use it for anything that could potentially be harmful. I think that this concern is mostly in part to the fact that people are becomming busier and busier as well as lazy. We do not want to get up and do our running around, we would rather sit on the couch or at work and do our running around from our phones. Personally, if you want to use your phone for everything, you are fully aware of the risks involved even if you have security software.

  13. Samuel Yung

    I agree the comment of “The bad guys follow the money”, especially when we are in this phase where smart-phones is popular. Having an smart phone helps us make our lives easier, however I think this would mean that it would be easy for hackers to get your private information (like Bank accounts) and steal from you. As talked about in the article, smart phone applications has flaws, this gives hackers a lot of opportunities to access peoples information. I think it would be impossible to build software/application to protect all of our information. As info shows in the article say that there are still a lot of new malware created for computers that would steal your valuable information. In the future I believe that the hackers will switch their targets to smart phones and we as users the only thing that we could do is protect our information; try not to use smart phones and fill in personal information.

  14. Lisa

    “The bad guys follow the money” yes, but not only bad guys..ALL of us follow money. Everyone is here to make money, money is what people are driven by and though it’s a horrible thing to say…it’s true. I think that whatever the developer, they need to be in charge on protection of that application before it hits the stores. It is important to us as consumers to have as close to a “flaw free” phone as posible. There are already enough security issues when it comes to phones as it is, and with this forever evolving market in the smartphone, it would be nice to know that what you are buying, is a smart choice and will not hurt you in the long run.

    It is known that smartphone applications are going to have flaws…everything will, but it is also known that people’s lives are revolving around their cell phones and this security problem can easliy be vanished if they weren’t doing their banking on their phone! If you worry about getting hacked into, then go inside the bank like we used to. it’s simple.

    So really, yes i do think that everything needs to be looked through with a fine toothed comb before it goes out on the market…i also think that if people are so worried about getting hacked by using applications such as this one, then they should not be so lazy and take the time to do it “old school”

  15. Celest-

    The quote “bad guys follow the money” depends on the context in which any individual sees it. We can see the bad guys as the hackers who go after other people’s computers attempting to steal information off of them to sell it for money going into their own pockets.

    We can also see the “bad guys following money” as the companies that create the apps as even though they cause worldwide technological advancement, their main aim is to sell, sell, and sell their inventions without bearing in mind how safe their customers really are while using these products. That said, Software makers should have the responsibility of ensuring their customers’ safety as they use these products. After all, aren’t these customers paying money to have access to these products? -to software companies, simply add the cost of security to these products and keep the customers safe.

  16. Jared Cox

    I think that quote, can be said for money things. I mean obviously criminals are going to follow the money because thats what theyre after just like anyone else. Also they probably want that money with the least amount of effort so if it is through exploiting shoddy code in apps then they are going to do that. I think that they share a responsibility however whoever is releasing the app and says it is secure should bear the biggest responsibility for the weight of poor security. Yes, apple has a huge advantage because so far all of their personal computers appear to be virus free and hackers cannot access them. Whether this is the same for smart phones or not I’m not sure, but they definately pose a comptetive advantage in the computer industry due to their high security levels.

  17. Marcel Ter Denge

    I agree with the quote “The bad guys follow the money” in relation to m-commerce. M-commerce is getting big and it is only continuing to grow, and with this expanding market the bad guys are looking for ways that they can make some of the money. I believe that the responsibility of security protection for smartphone apps should be on both hardware and software makers, because if they work together they will only make the product’s security better, which is very important to the consumer. I do believe that Apple has an advantage over other smartphones, because they check all apps themselves before releasing them to ensure that the security is up to standards and that the app isn’t a scam in itself.

  18. Jen

    This is a very interesting situation, although not surprising. In today’s society, the “convience” of completing our personal checklist on the move is becomming increasingly attractive. In my opinion, when we take advantage of the convience with technology devices, such as the smartphone, I do believe that we are voluntarily subjecting ourselves to this sort of personal invasion. Although, I think for us to proceed through our day to day lives, we have to stay up to date with technology, so were not left behind. With this sort of pressure, I wonder, “who is protecting my information”? I believe it is the software apps that should ensure our privacy and personal protection. On the contrary, with the innovative technology that is being introduced globally, we should take it upon ourselves and use our own discretion as well, to make the right choices in protecting our own information (ie. banking information), and choose wisely who we share our personal information with.

Leave a Reply

Your email address will not be published.