Living dangerously in the hacker’s shadow in a ‘less-cash’ economy - India

Vulnerabilities exist

Vulnerabilities associated with payments systems exist and hence signal the need for caution. Examples follow.

Compromised applications: The most plausible vulnerability with payment applications is the presence of other applications on a consumer's mobile phone. If a user has an alternative keyboard application, it could pose a risk of logging passwords and PINs while the user performs bank transactions. It is also possible that a user inadvertently downloads an application while browsing the web that could compromise his/her phone data and transactions. With some payment wallets, application PINs are not set up, so anyone with casual access to a user's mobile phone could be a risk.


Man-in-the-middle vulnerability: In this scenario, a hacker gets access to the servers on the telecom network, the payment wallet or the bank's networks. Eavesdropping on the communication, even though it is encrypted, could still be considered a risk. This type of vulnerability could be considered more esoteric. Hacking of a bank's or NPCI's servers could end up exposing personal details of users, while hacking of a mobile (GSM) network (A5/1 encryption has known vulnerabilities) could expose all communication, especially the USSD-based transactions.



http://www.thehindu.com/todays-paper/tp-business/Living-dangerously-in-the-hacker's-shadow-in-a-'less-cash'-economy/article17114551.ece


