Hackers are concentrating on mobile devices as more people conduct their internet banking on the move, according to a research firm. TowerGroup says that mobile devices are hackers' next big target.
"We're currently in the lull before the true storm. To ensure that the mobile banking and payments channel will ultimately thrive, there is no time to waste in getting ahead of the malware challenge," said Bob Egan, chief analyst at TowerGroup and the author of a new research paper. TowerGroup is a research and advice consultancy for the financial services sector.
"2007 will be the year that new banking and payment initiatives in the mobile channel will be increasingly targeted by those engaged in fraud and identity theft, with the goal of infecting or otherwise compromising mobile devices," said a TowerGroup statement. "These targets will include deployments where a mobile device acts as a credit or debit card."
Despite mobile phone operator predictions, banking on mobile phones has not been the popular success that some hoped. PDAs, though, are more commonly used to perform such complex functions. Those are also the devices which have the additional computing power that can make viruses and malware programs effective, something which TowerGroup says is not being considered carefully enough.
"Smart phones and wireless PDAs are particularly attractive to fraudsters given their advanced capabilities to support PC-like applications including Web browsing and instant messaging," said the company. "TowerGroup believes that current mobile commerce initiatives emerging from the financial services industry lack a reasonable and justifiable focus on mobile malware."
The company's research found that there are 200 mobile viruses in existence and that that number is doubling every six months. It also found that 80% of US business users of PDAs, smart phones and Blackberry email devices use them for personal as well as business purposes.
The company says that companies should take immediate action to prevent the hacking of mobile devices. "[Companies should] create enforceable policies regarding mobile usage that are communicated to employees, including what type of mobile downloads are safe and allowable," it said. "[They should] restrict the use of personal mobile phones that can be used for corporate activities, mirroring the security and protocols now in place for PCs."
"The success mobile banking and payments, as well as the concept of the mobile wallet, will be measured against the industry's ability to effectively contain the malware problems to a level that is at least on par with that of the existing internet channel," said Egan.