Jun 21, 2018

In 2014, security provider Kaspersky recorded about 12,100 mobile banking Trojans, all of which were after users’ banking access and transaction data. In total, security specialists identified more than 295,000 mobile malware programs attacking smartphones in 2014. Please note: we’re not talking about three hundred thousand attacks but three hundred thousand aggressive programs!

A key gateway for cyber criminals is the mobile communication between staff and proprietary servers. If, for instance, sales staff retrieve CRM data from their tablet PC or smartphone, or use these devices to confirm orders and transmit customer data, inadequately secured mobile devices are a major risk. They can be used to introduce viruses or Trojans into the corporate network or to steal data. The situation in B2C e-commerce is similar. Customers use their smartphones to order goods or services and for online banking transactions. These days, this is usually done through mobile apps. Such apps frequently reside on unsecured or inadequately secured smartphones and are thus prone to cyber-attacks themselves.

Many companies try to address such risks with Mobile Device Management (MDM) solutions, which, to put it simply, centrally control and protect all programs and the entire data exchange on the mobile device. However, this is not the perfect solution for devices that employees use for both private and business purposes. And customer devices are completely out of a company’s control. It thus seems natural to secure the app instead of the device, and to do so in such a way that it cannot be corrupted even in unsecured environments that cannot be fully controlled.

KOBIL’s solution comprises a frontend and a backend component. The Software Development Kit (SDK) can be integrated with any mobile app. It protects apps against copying by binding them to dedicated devices, against manipulation, and against the creation of fake apps. Apps developed with the SDK contain the security solution’s frontend component.

When it is first activated, the app created with the SDK connects to the respective mobile device and registers itself with the Smart Security Management Server (SSMS), which is the security solution’s backend component. The SSMS provides the following information:

does the mobile app actually run on the device it was initially registered with or has it been copied to another device;
does the running app still feature its original code or has it been modified;
is the app’s version correct or does it have to be updated;
if applicable, the authentication (user’s PIN) for the mobile platform.

The company can thus rely on having a secured connection to the terminal device and on the encrypted data received from the app being authentic, even if the app’s environment is unsecured. Moreover, the solution can be used to clearly identify users. Apps secured in this way can also serve to reliably authorize transactions and to provide secured (encrypted) communication.
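The first three backend checks listed above (device binding, code integrity, version) can be sketched as follows. This is an added illustration, not KOBIL's implementation or the SSMS API: the `Backend` class, the `sign_report` helper, the HMAC-over-JSON report format, the one-time nonce and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed reference values; a real backend would hold these per app release.
GOOD_HASH = hashlib.sha256(b"constructed app binary 2.1.0").hexdigest()
CURRENT_VERSION = "2.1.0"

class Backend:
    """Hypothetical stand-in for the backend component (not the vendor's API)."""
    def __init__(self):
        self.registered = {}   # app instance id -> (device id, shared key)
        self.nonces = set()    # outstanding one-time challenges

    def register(self, app_id, device_id):
        key = secrets.token_bytes(32)   # provisioned once, at first activation
        self.registered[app_id] = (device_id, key)
        return key

    def challenge(self):
        nonce = secrets.token_hex(16)   # makes each report single-use
        self.nonces.add(nonce)
        return nonce

    def verify(self, body, tag):
        """Return the list of failed checks; an empty list means accept."""
        try:
            report = json.loads(body)
            device_id, key = self.registered[report["app_id"]]
        except (ValueError, KeyError, TypeError):
            return ["unknown_app"]
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return ["bad_signature"]    # contents are untrusted, stop here
        nonce = report.get("nonce")
        failures = [] if nonce in self.nonces else ["stale_nonce"]
        self.nonces.discard(nonce)
        if report.get("device_id") != device_id:
            failures.append("copied_to_other_device")
        if report.get("code_hash") != GOOD_HASH:
            failures.append("code_modified")
        if report.get("version") != CURRENT_VERSION:
            failures.append("update_required")
        return failures

def sign_report(key, **fields):
    """Client side: serialise the report and authenticate it with the shared key."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()
```

The report fields are only evaluated after the authentication tag verifies, so a forged report is rejected before its claimed device, hash or version is looked at.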

Murat Ayranci