Secure Connectivity for Mobile Banking and Payment Apps: Strong Authentication

Here we provide a short overview of why strong authentication is essential to the security of mobile banking and payment applications.

Plugging the Security Gaps in Mobile Banking Apps

An investigation conducted by "Which?", a consumer watchdog group based in the UK, found serious vulnerabilities in banking security systems, including mobile banking apps.

Secure Hardening for Mobile Banking Apps: Native Code Obfuscation

In the mobile environment, source code is often distributed without enough security. Programs compiled as bytecode, such as the ones developed for Java or .NET, contain almost all the original information from the source code. Programs compiled to native code, usually written in C, Objective-C, or C++, are much more difficult to reverse engineer. In what follows, we will look at the difference between interpreted code and native code in mobile operating systems and why we still need native code obfuscation.

Secure Hardening for Mobile Banking Apps: Data Obfuscation

When developing an application for mobile banking, application hardening using code obfuscation is one possible way of protecting sensitive data. However, this may not be an acceptable solution in many scenarios, for example when the data to protect must be (partially) displayed, linked to other accounts or other data, or sent to a remote network. The general solution to this problem is data obfuscation.

Secure Hardening for Mobile Banking and Payment Apps: Anti-Debug

In the mobile environment, while debuggers are legal and legitimate development tools, they can also be used to reverse engineer mobile banking and payment applications. This article describes some of the possible anti-debug techniques.

Secure Connectivity for Mobile Banking and Payment Apps: HTTPS Vulnerabilities

Here we describe some of the HTTPS vulnerabilities in the context of mobile banking and their countermeasures.

Secure Connectivity for Mobile Banking and Payment Apps: HTTPS Tunneling

In this article, we will describe what HTTPS tunneling is and how it has been used in mobile banking and payment applications. We also look at some of its vulnerabilities and remedies to the described attacks.

Secure Connectivity for Mobile Banking and Payment Apps: Access Token Protection

In this article, we introduce the role that access tokens play in mobile banking applications and provide recommendations on how to secure these access tokens. We will also explain why such security measures are important.

Overview of App & Code Hardening for Mobile Banking Apps

Application hardening usually consists of processing an already developed application and transforming it so as to make it difficult or impossible to reverse engineer and tamper with.