Mobile payment security challenges

 

All components of the C.I.A. security acronym (confidentiality, integrity and availability) are important and applicable to securing mobile devices. According to Harris (2010), one of the challenges of mobile devices is that the phone must authenticate to the network, but the network does not authenticate back to the phone. A man-in-the-middle attack could happen if the attacker employs a rogue base station to capture this authentication.
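The one-way authentication gap described above, next to a mutual variant, as an added sketch that is not from the original post or any carrier's protocol. HMAC-SHA256, the class and function names and the sample key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def tag(key: bytes, label: bytes, challenge: bytes) -> bytes:
    """Keyed MAC over a labelled challenge (HMAC-SHA256 is an assumed stand-in)."""
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

class BaseStation:
    """A station holding the subscriber key is genuine; one built without a key is not."""
    def __init__(self, key=None):
        self.key = key if key is not None else os.urandom(32)  # wrong key by construction

    def challenge(self):
        rand = os.urandom(16)
        return rand, tag(self.key, b"network", rand)  # second value is the network's proof

class Phone:
    def __init__(self, key: bytes):
        self.key = key

    def respond_one_way(self, rand: bytes, _proof: bytes) -> bytes:
        # One-way scheme: the phone answers whoever asks; the proof is ignored.
        return tag(self.key, b"phone", rand)

    def respond_mutual(self, rand: bytes, proof: bytes):
        # Mutual scheme: check the network's proof before revealing any response.
        if not hmac.compare_digest(proof, tag(self.key, b"network", rand)):
            return None
        return tag(self.key, b"phone", rand)

def attach(phone: Phone, station: BaseStation, mutual: bool):
    """Run one exchange; return the phone's response, or None if it refused."""
    rand, proof = station.challenge()
    reply = phone.respond_mutual if mutual else phone.respond_one_way
    return reply(rand, proof)

SUBSCRIBER_KEY = os.urandom(32)  # constructed sample key
phone = Phone(SUBSCRIBER_KEY)
genuine, unknown = BaseStation(SUBSCRIBER_KEY), BaseStation()

if __name__ == "__main__":
    for name, station in (("genuine", genuine), ("unknown", unknown)):
        for mutual in (False, True):
            answered = attach(phone, station, mutual) is not None
            print(f"{name:8} station, mutual={mutual}: phone answered={answered}")
```

In the one-way case the phone cannot tell the two stations apart; in the mutual case it refuses the station that cannot prove knowledge of the shared key.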

SIM cards and other phone data can be prone to cell phone cloning. Cell phone cloning involves giving a phone the same credentials as another valid phone for criminal use, and it typically involves physical theft of the device to carry out the attack. SIM cards provide some security in mobile transactions, but that security is reliant on how the application is programmed to use it (Kadhiwal and Zulfiquar, 2007). Once a phone is cloned, it can be used in the same way as the original, which includes sending money from accounts set up within the device.

Many mobile devices include WiFi connections as well as Bluetooth. The challenges of securing these technologies on PCs apply equally to mobile devices. WiFi connections in public places are very common today, but should always be treated with caution. Open WiFi access might not be a good place to conduct financial business over your mobile device, as wireless is prone to many different types of attacks, such as sniffing, spoofing and eavesdropping.

SMS is fairly secure, but once again its downfall lies in the attacker's ability to intercept the radio signal from the device.

Sources:

Harris, S. (2010). CISSP: exam guide: fifth edition. McGraw-Hill. New York, NY.

Kadhiwal, S., Zulfiquar, A. (2007). Analysis of mobile payment security measures and different standards. Computer Fraud & Security, 2007(6), 12-16. doi:10.1016/S1361-3723(07)70077-5