© 2013 IBM Corporation
Arxan & Trusteer Present:
Securing Mobile Banking Apps –
You are only as strong as your weakest link
Trusteer: Ori Bach
Arxan: Jonathan Carter
© 2015 IBM Corporation
IBM Security Systems
Agenda
• Mobile App and Payment Landscape
• How Criminals Can Attack Your App
• Comprehensive Protection Techniques
• Q&A
Mobile App and Payment Landscape
Mobile Banking Services Can be a Competitive Advantage
• Mobile banking is the most important deciding factor when switching banks (32%). More important than fees (24%) or branch location (21%) or services (21%)… a survey of mobile banking customers in the U.S. 1
• #1 Channel: Mobile banking channel development is the #1 technology priority of N.A. retail banks (2013)
• $1tn: The mobile payments market will eventually eclipse $1 trillion by 2017
• 43% of 18-20 year olds have used a mobile banking app in the past 12 months
• 29%: Cash-based retail payments in the U.S. have fallen from 36% in 2002 to 29% in 2012
• 19% of customers won't mobile bank because of security fears
• 90% of mobile banking app users use the app to check account balances or recent transactions
However, Security Is Front and Center and Must Be Addressed
Many Are Falling Short
• Majority of top 100 paid Android and iOS Apps are available as hacked versions on third-party sites
• …as are many financial service, retail, and healthcare apps
• (State of Mobile App Security, Arxan, 2015)
• "Chinese App Store Offers Pirated iOS Apps Without the Need to Jailbreak" (Extreme Tech, 2013)
http://www-03.ibm.com/software/products/en/arxan-application-protection
You are only as strong as your weakest link
Application Risks | Device Risks | Session Risks
• App hacking
• App security vulnerabilities
• Rooted / jailbroken devices
• Outdated OS security vulnerabilities
• Malware
• Unsecure connection
• SMS forwarding
• Mobile ATO / cross-channel ATO
How Criminals Can Easily Attack Your Mobile Banking App
Typical Software Security Lifecycle
Phases: Plan; Design, Build, Test; Test, Deploy
Activities:
• High-Level Risk Assessments
• Security Policy Review
• Define Security Requirements
• Security Architecture Review
• Threat modeling
• Static Analysis
• Dynamic Testing
• Penetration Testing
• Application Monitoring
• Secure Code Review
• Secure Coding Training
• Final Functional & Security Testing
Produces a “Secure” Application with few, known and acceptable vulnerabilities
BUT …
Even Secure Mobile Apps can be Hacked
Application Environment and Application Security Model
Centralized, trusted environment
• Web apps
• Data center custom apps
• Attackers do not have easy access to application binary
• Security model: Vulnerability Analysis and Flaw Remediation (“Build It Secure”)
Distributed or untrusted environment “Apps in the Wild”
• Mobile Apps
• Internet of Things / Embedded
• Packaged Software
• Attackers can easily access and compromise application binary
• Security model: Vulnerability Analysis and Flaw Remediation (“Build It Secure”) plus Application Hardening and Run-Time Protection (“Keep It Secure”)
App Confidentiality and Integrity Risks
Integrity Risk (Code Modification or Code Injection Vulnerabilities)
• Application binaries can be modified
• Run-time behavior of applications can be altered
• Malicious code can be injected into applications
Confidentiality Risk (Reverse Engineering or Code Analysis Vulnerabilities)
• Sensitive information can be exposed
• Applications can be reverse-engineered back to the source code
• Code can be lifted and reused or repackaged
Anatomy of Attacks on Mobile Apps
Reverse-engineering app contents
1. Decrypt the mobile app (iOS apps)
2. Open up and examine the app
3. Create a hacked version
• Extract and steal confidential data
• Create a tampered, cracked or patched version of the app
• Release / use the hacked app
• Use malware to infect/patch the app on other devices
4. Distribute App
https://www.arxan.com/how-to-hack-a-mobile-application
But isn’t My App Encrypted?
Well, yes, but …
iTunes Code Encryption Bypass
• It is easy for hackers to bypass iOS encryption to progress a mobile app attack.
Account Takeover via a Criminal Mobile Device
Cybercriminals love mobile anonymity
• Server-side Device ID is not effective for mobile devices
• Mobile devices share many identical attributes
• Mobile devices have the same attributes: OS, browser, fonts etc.
• Cybercriminals can easily trick traditional device ID systems
Cross channel account takeover attacks
[Diagram labels: Online Banking; Credentials Theft; LOGIN; Mobile Login; The Bank’s Mobile Banking App / website; Customer; Credentials, data; Criminal]
Vulnerable and Compromised Devices
• Rooted or Jailbroken Devices
  – New jailbreak techniques
  – Jailbreak and rooting evasion
• Data sent / received exposed
  – Including data sent over SSL
• No defense against malware
  – SMS interceptors
  – Overlay attacks
  – Automated malware
  – Data stealers
Financial Malware and Ransomware
• Installing malicious app as “device admin”
• App prevents user from deleting it
SVPENG Screen “injection”
• Overlay on Google Play
• Overlay on Russian Bank Login Screen
Ransomware: Now on Mobile – can't remove the app!
Example of SMS forwarding attack
Coordinated attacks across PC and mobile
• Via malware or phishing, cybercriminals convince users to supply their mobile phone number so that an app can be installed on the phone
• User installs the fake security application and enters an activation code
• Malware captures all SMS traffic, including OTPs, and forwards it to the fraudsters, who need the captured OTPs to bypass authentication for fraudulent online transfers
OTP SMS forwarding for sale as underground service
[Diagram labels: User Name + Password; OTP SMS; Credentials; OTP SMS; TOR C&C]
Mobile App & Mobile Payment
Protection Techniques
IBM - An integrated approach to secure mobile banking
Build it Safe | Keep It Safe | Prevent Misuse
Risks addressed:
• Hacking
• App security vulnerabilities
• Rooted / jailbroken devices
• Credentials stealing malware
• Data transferred over an unsecure connection
• Account takeover fraud
• SMS forwarding malware
Products:
• IBM Security App Scan
• IBM Security Access Manager
• Trusteer Mobile SDK / Browser
• Trusteer Pinpoint Criminal Detection
• Arxan
• Worklight
Detecting Vulnerable and Compromised Devices
• Trusteer Mobile SDK detects mobile malware and rogue apps
• Mobile Malware
  – SMS interceptors, device rooters, data stealers, generic downloaders
• Rogue Apps
  – Access sensitive functions (like SMS)
  – Launch at startup
  – Not pre-approved by Trusteer
• Reported as risk factors
Holistic data protection with IBM Mobile Security
Mobile Banking
• Criminals attempt to eavesdrop on the app on unsecure devices: access is prevented from jailbroken/rooted devices detected by Trusteer Mobile SDK
• Criminals look for security vulnerabilities: all vulnerabilities removed with AppScan
• Criminals attempt to hack the application: hack fails due to Arxan obfuscation and runtime protections
• Criminals deploy credential-stealing malware: access is prevented from malware-infected devices detected by Trusteer Mobile SDK
Detecting Criminal Devices with Trusteer
• Determines device location (GPS/Network triangulation)
• Detects IP “Velocity” Condition
Trusteer Pinpoint Detection
Trusteer Mobile SDK
Detecting and responding to account takeover attacks
Account Risk + Device Risk
Device risk factors:
• Jailbroken / Rooted Device
• Malware Infection
• New device ID
• Unpatched OS
• Unsecure Wi-Fi connection
• Rogue App
Account risk factors:
• Proxy
• New Payee
• Spoofing
• Phished Incident
• Malware Infection
[Diagram labels: Online Banking; Restrict Access; Credentials Theft; Trusteer Pinpoint Malware Detection; LOGIN; Trusteer Pinpoint Criminal Detection; App Login; The Bank’s Mobile Banking App; Trusteer Mobile SDK; Customer; Credentials, data; Criminal; ISAM Policy and Runtime Management]
Stopping account takeover using SMS forwarding malware
Account Risk + Device Risk
Device risk factors:
• Jailbroken / Rooted Device
• Malware Infection
• New device ID
• Unpatched OS
• Unsecure Wi-Fi connection
• Rogue App
Account risk factors:
• Proxy
• New Payee
• Spoofed device
• Phishing Incident
• Malware Infection
[Diagram labels: Online Banking; Payment Denied; LOGIN; Trusteer Pinpoint Criminal Detection; App Login; The Bank’s Mobile Banking App; Trusteer Mobile SDK; Customer; OTP SMS Forwarded; Criminal; ISAM Policy and Runtime Management; Criminal initiates payment requiring OTP authorization]
Application Protection: Can you say: Ob-fu-sca-tion!
Confuse the Hacker
• Dummy Code Insertion
• Instruction Merging
• Block Shuffling
• Function Inlining
• … and More!
Turns this into this …
Application Protection: Preventing Reverse Engineering
Other Techniques
• Method Renaming
• String Encryption
• … and More!
String not found. Where did it go?
Application Protection: Preventing Tampering
Common Techniques
• Checksum -- Has the binary changed? If so, let me know so I can do something about it!
• Method Swizzling Detection -- Is someone hijacking my code?
• Debug Detection -- Is a Debugger Running?
Application Protection: A Number of Guards Can Be Leveraged
Defend against compromise
• Advanced Obfuscation
• Encryption
• Pre-Damage
• Metadata Removal
Detect attacks at run-time
• Checksum
• Debugger Detection
• Resource Verification
• Resource Encryption
• Jailbreak/Root Detection
• Swizzling Detection
• Hook Detection
React to ward off attacks
• Shut Down (Exit, Fail)
• Self-Repair
• Custom Reactions
• Alert / Phone Home
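The Checksum guard from the tampering slide and the Detect / React split above, sketched as an added example (not code from the presentation and not Arxan's implementation): one guard checksums a protected region, a second guard checksums the first guard's reference value, and the reaction is either self-repair or shut down. The sample buffer, the FNV-1a checksum and every name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: stands in for the bytes of a protected function. */
static const uint8_t pristine[] = "authorize_payment:v1.0";
#define REGION_LEN (sizeof pristine)

static uint8_t  region[sizeof pristine]; /* "live" bytes the guard watches      */
static uint8_t  backup[sizeof pristine]; /* copy used by the self-repair react  */
static uint32_t reference_sum;           /* expected checksum of region         */
static uint32_t reference_seal;          /* checksum of reference_sum itself    */

typedef enum { REACT_NONE, REACT_SELF_REPAIR, REACT_SHUT_DOWN } reaction_t;

/* FNV-1a (32 bit): a fast non-cryptographic checksum, chosen for brevity. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Simulates the protection step at build time: record the expected values. */
void guards_seal(void) {
    memcpy(region, pristine, REGION_LEN);
    memcpy(backup, pristine, REGION_LEN);
    reference_sum  = fnv1a32(region, REGION_LEN);
    reference_seal = fnv1a32((const uint8_t *)&reference_sum, sizeof reference_sum);
}

/* Run-time check: detect, then pick a reaction. */
reaction_t guards_run(void) {
    /* Guard B: has the expected value been patched to hide a change? */
    if (fnv1a32((const uint8_t *)&reference_sum, sizeof reference_sum) != reference_seal)
        return REACT_SHUT_DOWN;
    /* Guard A: has the protected region changed? */
    if (fnv1a32(region, REGION_LEN) == reference_sum)
        return REACT_NONE;
    /* React: repair only from a copy that itself still verifies. */
    if (fnv1a32(backup, REGION_LEN) != reference_sum)
        return REACT_SHUT_DOWN;
    memcpy(region, backup, REGION_LEN);
    return REACT_SELF_REPAIR;
}

/* Scenarios a defender would test the guards against. */
reaction_t scenario_intact(void) {
    guards_seal();
    return guards_run();
}

reaction_t scenario_patch_region(void) {
    guards_seal();
    region[3] ^= 0x01;                    /* one flipped bit in the region */
    return guards_run();
}

reaction_t scenario_patch_region_and_reference(void) {
    guards_seal();
    region[3] ^= 0x01;
    reference_sum = fnv1a32(region, REGION_LEN); /* expected value rewritten too */
    return guards_run();
}

reaction_t scenario_patch_region_and_backup(void) {
    guards_seal();
    region[3] ^= 0x01;
    backup[5] ^= 0x01;                    /* no trustworthy copy left */
    return guards_run();
}

int main(void) {
    static const char *names[] = { "none", "self-repair", "shut down" };
    printf("intact:                 %s\n", names[scenario_intact()]);
    printf("region patched:         %s\n", names[scenario_patch_region()]);
    printf("region + reference:     %s\n", names[scenario_patch_region_and_reference()]);
    printf("region + backup:        %s\n", names[scenario_patch_region_and_backup()]);
    return 0;
}
```

With a single guard, rewriting the stored expected value defeats the check; the second guard is the smallest instance of the cross-checking that a multi-layer guard network relies on.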
Application Protection: Multi-Layered Protection – Example
Application Protection: Mobile Payment Apps: Host Card Emulation
• Mobile payment, with the existing retail PoS infrastructure
• HCE mobile apps have particular needs
  – Need protection of keys and cryptography
    • Offline, as well as online
  – Need to work on any Android device
    • From any manufacturer
    • With any mobile operator
  – Should be portable to other platforms
    • Once they support HCE too
• Arxan’s innovative solution
  – TransformIT®
    • Whitebox cryptography
  – PLUS Application protection technology
    • Anti reverse-engineering
    • Tamper resistance
Application Protection: Why Arxan?
• ‘Gold standard’ protection strength
  – Multi-layer Guard Network
  – Static & run-time Guards
  – Customizable to your application
  – Automated randomization for each build
• No disruption to SDLC or source code with unique binary-based Guard injection
• Cross platform support -- > 7 mobile platforms alone
• Proven
  – Protected apps deployed on over 300 million devices
  – Hundreds of satisfied customers across Fortune 500
• Unique IP ownership: 10+ patents
• Integrated with other IBM security and mobility solutions
World’s Strongest App Protection, Now Sold & Supported by IBM
Benefit of your existing trusted relationship with IBM
• Arxan’s technology now available from IBM: Sales, Solution, Services, Support from
IBM, with close collaboration between IBM and Arxan to ensure your success
• Leverage your existing procurement frameworks and contract vehicles (IBM Passport
Advantage, ELAs, Perpetual License, Elite Support, etc) for purchasing Arxan products
and take advantage of your relationship pricing and special discounts from IBM
Leverage Arxan as part of comprehensive solution portfolio from IBM
to holistically secure mobile apps, with value-adding validated integrations
• Enables unique ‘Scan + Protect’ application security strategy and best practice for
building it secure during development (AppScan) and keeping it secure deployed
“in the wild” (Arxan)
• Value-adding Arxan integrations, validations, and interoperability testing with other
IBM products (e.g., IBM AppScan, IBM Trusteer, IBM Worklight)
NEXT STEP: Contact your IBM representative or email
IBM@Arxan.com for more information
Webinar participants eligible for Free
Evaluation of “Arxan Application Protection for
IBM Solutions”
Now offered as part of IBM’s Security Portfolio
Special Offer for Webinar Participants
Additional Resources
• Arxan/IBM White Paper: Securing Mobile Apps in the Wild
  http://www.arxan.com/securing-mobile-apps-in-the-wild-with-app-hardening-and-run-time-protection/
• How to Hack An App
  https://www.youtube.com/watch?v=VAccZnsJH00
• IBM Whitepaper: Old Techniques, New Channel: Mobile Malware Adapting PC Threat Techniques
  https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-WW_Security_Organic&S_PKG=ov26530&S_TACT=C341006W&S_CMP=web_opp_sec_trusteer_msdk/
Q&A
Thank You!
Ori Bach
ORIBACH@il.ibm.com
Jonathan Carter
jcarter@arxan.com

Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Recently uploaded

Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link

  • 1. © 2013 IBM Corporation Arxan & Trusteer Present: Securing Mobile Banking Apps – You are only as strong as your weakest link Trusteer: Ori Bach Arxan: Jonathan Carter © 2015 IBM Corporation
  • 2. Agenda • Mobile App and Payment Landscape • How Criminals Can Attack Your App • Comprehensive Protection Techniques • Q&A
  • 3. Mobile App and Payment Landscape
  • 4. Mobile Banking Services Can be a Competitive Advantage • Mobile banking is the most important deciding factor when switching banks (32%): more important than fees (24%) or branch location (21%) or services (21%)… a survey of mobile banking customers in the U.S. 1 • #1 Channel: Mobile banking channel development is the #1 technology priority of N.A. retail banks (2013) • $1tn: The mobile payments market will eventually eclipse $1 trillion by 2017 • 43% of 18-20 year olds have used a mobile banking app in the past 12 months • 29%: Cash-based retail payments in the U.S. have fallen from 36% in 2002 to 29% in 2012 • 19% of customers won't mobile bank because of security fears • 90% of mobile banking app users use the app to check account balances or recent transactions
  • 5. However, Security Is Front and Center and Must Be Addressed
  • 6. Many Are Falling Short • Majority of top 100 paid Android and iOS Apps are available as hacked versions on third-party sites • …as are many financial service, retail, and healthcare apps • (State of Mobile App Security, Arxan, 2015) • “Chinese App Store Offers Pirated iOS Apps Without the Need to Jailbreak” (Extreme Tech, 2013) http://www-03.ibm.com/software/products/en/arxan-application-protection
  • 7. You are only as strong as your weakest link: Application Risks, Device Risks, Session Risks • App hacking • App security vulnerabilities • Rooted / jailbroken devices • Outdated OS security vulnerabilities • Malware • Unsecure connection • SMS forwarding • Mobile ATO / cross-channel ATO
  • 8. How Criminals Can Easily Attack Your Mobile Banking App
  • 9. Typical Software Security Lifecycle • Phases: Plan; Design, Build, Test; Test, Deploy • High-Level Risk Assessments • Security Policy Review • Define Security Requirements • Security Architecture Review • Threat modeling • Static Analysis • Dynamic Testing • Penetration Testing • Application Monitoring • Secure Code Review • Secure Coding Training • Final Functional & Security Testing • Produces a “Secure” Application with few, known and acceptable vulnerabilities BUT …
  • 10. Even Secure Mobile Apps can be Hacked • Centralized, trusted environment (Web apps, Data center custom apps): Attackers do not have easy access to application binary; Application Security Model: Vulnerability Analysis and Flaw Remediation • Distributed or untrusted environment, “Apps in the Wild” (Mobile Apps, Internet of Things / Embedded, Packaged Software): Attackers can easily access and compromise application binary; Application Security Model: Vulnerability Analysis and Flaw Remediation plus Application Hardening and Run-Time Protection • “Build It Secure”, “Keep It Secure”
  • 11. App Confidentiality and Integrity Risks • Integrity Risk (Code Modification or Code Injection Vulnerabilities): • Application binaries can be modified • Run-time behavior of applications can be altered • Malicious code can be injected into applications • Confidentiality Risk (Reverse Engineering or Code Analysis Vulnerabilities): • Sensitive information can be exposed • Applications can be reverse-engineered back to the source code • Code can be lifted and reused or repackaged
  • 12. Anatomy of Attacks on Mobile Apps • Reverse-engineering app contents • 1. Decrypt the mobile app (iOS apps) • 2. Open up and examine the app • 3. Create a hacked version • Extract and steal confidential data • Create a tampered, cracked or patched version of the app • Release / use the hacked app • Use malware to infect/patch the app on other devices • 4. Distribute App • https://www.arxan.com/how-to-hack-a-mobile-application
  • 13. But isn’t My App Encrypted? Well, yes, but … • iTunes Code Encryption Bypass • It is easy for hackers to bypass iOS encryption to progress a mobile app attack.
  • 14. Account Takeover via a Criminal Mobile Device • Server-side Device ID is not effective for mobile devices • Mobile devices share many identical attributes • Mobile devices have the same attributes: OS, browser, fonts etc. • Cybercriminals can easily trick traditional device ID systems • Cybercriminals love mobile anonymity
  • 15. Cross channel account takeover attacks • Diagram labels: Online Banking, Credentials Theft, Login, Mobile Login, The Bank’s Mobile Banking App / website, Customer, Credentials, data, Criminal
  • 16. Vulnerable and Compromised Devices • Rooted or Jailbroken Devices • New jailbreak techniques • Jailbreak and rooting evasion • Data sent / received exposed • Including data sent over SSL • No defense against malware • SMS interceptors • Overlay attacks • Automated malware • Data stealers
  • 17. Financial Malware and Ransomware • Installing malicious app as “device admin” • App prevents user from deleting it
  • 18. SVPENG Screen “injection” • Overlay on Google Play • Overlay on Russian Bank Login Screen
  • 19. Ransomware: Now on Mobile – can't remove the app!
  • 20. Example of SMS forwarding attack: Coordinated attacks across PC and mobile • Cybercriminals convince users to supply mobile phone number to install app on phone via malware or phishing • User installs fake security application and enters activation code • Malware captures all SMS traffic, including OTPs, and forwards it to fraudsters, who make fraudulent online transfers using the captured OTP to bypass authentication
  • 21. OTP SMS forwarding for sale as underground service • Diagram labels: User Name + Password, OTP SMS, Credentials, OTP SMS, TOR C&C
  • 22. Mobile App & Mobile Payment Protection Techniques
  • 23. IBM - An integrated approach to secure mobile banking • Build it Safe, Keep It Safe, Prevent Misuse • Hacking • App security vulnerabilities • Rooted / jailbroken devices • Credentials stealing malware • Data transferred over an unsecure connection • Account takeover fraud • SMS forwarding malware • Products: IBM Security App Scan, IBM Security Access Manager, Trusteer Mobile SDK / Browser, Trusteer Pinpoint Criminal Detection, Arxan, Worklight
  • 24. Detecting Vulnerable and Compromised Devices • Trusteer Mobile SDK detects mobile malware and rogue apps • Mobile Malware: SMS Interceptors, Device rooters, Data stealers, Generic downloaders • Rogue Apps: Access sensitive functions (like SMS); Launch at startup; Not pre-approved by Trusteer • Reported as risk factors
  • 25. Holistic data protection with IBM Mobile Security (Mobile Banking) • Criminals attempt to eavesdrop on the app on unsecure devices → Access is prevented from jailbroken/rooted devices detected by Trusteer Mobile SDK • Criminals look for security vulnerabilities → All vulnerabilities removed with Appscan • Criminals attempt to hack the application → Hack fails due to Arxan obfuscation and runtime protections • Criminals deploy credential stealing malware → Access is prevented from malware infected devices detected by Trusteer Mobile SDK
  • 26. Detecting Criminal Devices with Trusteer • Determines device location (GPS/Network triangulation) • Detects IP “Velocity” Condition • Trusteer Pinpoint Detection • Trusteer Mobile SDK
  • 27. Detecting and responding to account takeover attacks • Device Risk: Jailbroken / Rooted Device, Malware Infection, New device ID, Unpatched OS, Unsecure Wi-Fi connection, Rogue App • Account Risk: Proxy, New Payee, Spoofing, Phished Incident, Malware Infection • Diagram labels: Online Banking, Restrict Access, Credentials Theft, Trusteer Pinpoint Malware Detection, Login, Trusteer Pinpoint Criminal Detection, App Login, The Bank’s Mobile Banking App, Trusteer Mobile SDK, Customer, Credentials, data, Criminal, ISAM Policy and Runtime Management
  • 28. Stopping account takeover using SMS forwarding malware • Criminal initiates payment requiring OTP authorization • Device Risk: Jailbroken / Rooted Device, Malware Infection, New device ID, Unpatched OS, Unsecure Wi-Fi connection, Rogue App • Account Risk: Proxy, New Payee, Spoofed device, Phishing Incident, Malware Infection • Diagram labels: Online Banking, Payment Denied, Login, Trusteer Pinpoint Criminal Detection, App Login, The Bank’s Mobile Banking App, Trusteer Mobile SDK, Customer, OTP SMS Forwarded, Criminal, ISAM Policy and Runtime Management
  • 29. © 2015 IBM Corporation29 IBM Security Systems Application Protection: Can you say: Ob-fu-sca-tion! Confuse the Hacker • Dummy Code Insertion • Instruction Merging • Block Shuffling • Function Inlining • … and More! Turns this into this …
  • 30. © 2015 IBM Corporation30 IBM Security Systems Application Protection: Preventing Reverse Engineering Other Techniques • Method Renaming • String Encryption • … and More! String not found Where did it go?
  • 31. © 2015 IBM Corporation31 IBM Security Systems Application Protection: Preventing Tampering Common Techniques Checksum -- Has the binary changed? If so, let me know so I can do something about it! Method Swizzling Detection -- Is someone hijacking my code? Debug Detection Is a Debugger Running?
  • 32. © 2015 IBM Corporation32 IBM Security Systems Application Protection: A Number of Guards Can Be Leveraged Defend against compromise • Advanced Obfuscation • Encryption • Pre-Damage • Metadata Removal Detect attacks at run-time • Checksum • Debugger Detection • Resource Verification • Resource Encryption • Jailbreak/Root Detection • Swizzling Detection • Hook Detection React to ward off attacks • Shut Down (Exit, Fail) • Self-Repair • Custom Reactions • Alert / Phone Home
  • 33. © 2015 IBM Corporation33 IBM Security Systems Application Protection: Multi-Layered Protection – Example
  • 34. © 2015 IBM Corporation34 IBM Security Systems  Mobile payment, with the existing retail PoS infrastructure  HCE mobile apps have particular needs  Need protection of keys and cryptography • Offline, as well as online  Need to work on any Android device • From any manufacturer • With any mobile operator  Should be portable to other platforms • Once they support HCE too  Arxan’s innovative solution  TransformIT® • Whitebox cryptography  PLUS Application protection technology • Anti reverse-engineering • Tamper resistance Application Protection: Mobile Payment Apps: Host Card Emulation
  • 35. © 2015 IBM Corporation35 IBM Security Systems Application Protection: Why Arxan?  ‘Gold standard’ protection strength – Multi-layer Guard Network – Static & run-time Guards – Customizable to your application – Automated randomization for each build  No disruption to SDLC or source code with unique binary- based Guard injection  Cross platform support -- > 7 mobile platforms alone  Proven – Protected apps deployed on over 300 million devices – Hundreds of satisfied customers across Fortune 500  Unique IP ownership: 10+ patents  Integrated with other IBM security and mobility solutions
  • 36. World’s Strongest App Protection, Now Sold & Supported by IBM
      Benefit of your existing trusted relationship with IBM
      • Arxan’s technology now available from IBM: Sales, Solution, Services, Support from IBM, with close collaboration between IBM and Arxan to ensure your success
      • Leverage your existing procurement frameworks and contract vehicles (IBM Passport Advantage, ELAs, Perpetual License, Elite Support, etc.) for purchasing Arxan products and take advantage of your relationship pricing and special discounts from IBM
      Leverage Arxan as part of comprehensive solution portfolio from IBM to holistically secure mobile apps, with value-adding validated integrations
      • Enables unique ‘Scan + Protect’ application security strategy and best practice for building it secure during development (AppScan) and keeping it secure deployed “in the wild” (Arxan)
      • Value-adding Arxan integrations, validations, and interoperability testing with other IBM products (e.g., IBM AppScan, IBM Trusteer, IBM Worklight)
  • 37. Special Offer for Webinar Participants
      • Webinar participants eligible for Free Evaluation of “Arxan Application Protection for IBM Solutions”
      • Now offered as part of IBM’s Security Portfolio
      • NEXT STEP: Contact your IBM representative or email IBM@Arxan.com for more information
  • 38. Additional Resources
      • Arxan/IBM White Paper: Securing Mobile Apps in the Wild
        http://www.arxan.com/securing-mobile-apps-in-the-wild-with-app-hardening-and-run-time-protection/
      • How to Hack An App
        https://www.youtube.com/watch?v=VAccZnsJH00
      • IBM Whitepaper: Old Techniques, New Channel: Mobile Malware Adapting PC Threat Techniques
        https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-WW_Security_Organic&S_PKG=ov26530&S_TACT=C341006W&S_CMP=web_opp_sec_trusteer_msdk/
  • 39. Q&A
  • 40. Thank You!
      • Ori Bach, ORIBACH@il.ibm.com
      • Jonathan Carter, jcarter@arxan.com
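
The checksum and debugger-detection guards named on slides 31 and 32, combined with a fail-closed reaction, as an added example that is not Arxan or IBM code. It assumes Linux or Android, where /proc/self/status exposes a TracerPid field; the function names, the FNV-1a checksum and the sample byte range are illustrative choices, not taken from the deck.

```c
/* Added example, not Arxan or IBM code: a minimal detect-and-react guard. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { GUARD_OK = 0, GUARD_TAMPERED = 1, GUARD_DEBUGGED = 2 };

/* Checksum guard: FNV-1a (32-bit) over a byte range. Not cryptographic. */
uint32_t guard_checksum(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Debugger guard: read the TracerPid field from /proc/<pid>/status text.
   Returns the tracer's pid, 0 if untraced, -1 if the field is missing. */
long parse_tracer_pid(const char *status) {
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "TracerPid:", 10) == 0)
            return strtol(line + 10, NULL, 10);
        line = strchr(line, '\n');          /* advance to the next line */
        if (line) line++;
    }
    return -1;
}

long current_tracer_pid(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f); buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Combine both detections; an unreadable status (-1) fails closed. */
int run_guards(const unsigned char *region, size_t n, uint32_t expected, long tracer) {
    int r = GUARD_OK;
    if (guard_checksum(region, n) != expected) r |= GUARD_TAMPERED;
    if (tracer != 0) r |= GUARD_DEBUGGED;
    return r;
}

int main(void) {
    static const unsigned char region[] = "constructed-protected-bytes"; /* sample */
    uint32_t expected = guard_checksum(region, sizeof region); /* build-time value */
    int r = run_guards(region, sizeof region, expected, current_tracer_pid());
    printf("guard result: %d\n", r);
    return r == GUARD_OK ? EXIT_SUCCESS : EXIT_FAILURE; /* react: fail closed */
}
```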