Mobile Security Tips

Posted by admin on 4/Feb/2011 in Security Alert Log | 0 comments

I came across a very nice article while reading the F-Secure Weblog outlining some basic (yet totally pertinent) tips for staying secure while using your smartphone/tablet.

CES 2011 kicked off the year with a preview of what’s upcoming in mobile computing. Expect more releases of high-spec smartphones and tablets, possibly powered by a dual-core CPU such as NVIDIA Tegra 2. Some of us are wooed by the sneak peak of phones such as the LG Optimus 2X and Motorola Atrix 4G, and certainly are looking forward to their releases this quarter.

With data charges getting cheaper and technologies in mobile computing getting more powerful, mobile devices are becoming more like a small personal computer. Moreover, the availability of applications that aid users to easily perform banking transaction, online shopping, flight booking and just plain Web browsing further encourages users to rely on their smartphones.

(more…)

RSA 2011 Cybercrime Trends Report

Posted by admin on 1/Feb/2011 in Press Releases, Security Alert Log | 0 comments

This is a very important article/whitepaper that was published recently by RSA. It explicitly points to mobile phones being a security problem and makes specific mention of SMS and mobile banking being vulnerable.

The Current State of Cybercrime and What to Expect in 2011

Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of several new threats and an increased level of sophistication in the attacks witnessed around the globe. As the new decade opens, cybercrime is diverging down a different path as cyber attacks move beyond the financial services industry and malware makes a shift from targeting consumer desktops to employees in the enterprise.

The RSA Anti-Fraud Command Center (AFCC ) has developed a list of the top cybercrime trends it expects to see evolve over the course of 2011.

The RSA Anti-Fraud Command Center is on the forefront of new threat detection and cybercrime intelligence, achieving several milestones including the shutdown of over 350,000 online attacks across 181 countries and launching the first commercial anti-phishing and anti-Trojan services in the industry.

In this white paper, RSA will review the current state of cybercrime based on what we witnessed in the last twelve months and provide a series of predictions on what to expect from cybercriminals in 2011.

Read the full article (PDF Format) as published by RSA on their web site (free registration required)

SMS Bank Tokens Vulnerable: RSA

Posted by admin on 26/Jan/2011 in Security Alert Log | 0 comments

I read a nice article today on zdnet.com.au. It is becoming clearer by the day that criminals are beginning to target the mobile device as an access point to user data.

The following in an excerpt from the article.

Mobile phone attacks will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS.

It is becoming more popular, and the Commonwealth Bank of Australia claims to have 80 per cent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token-number generators. The bank isn’t forcing customers to use it, but those who don’t will not be permitted to carry out high-risk transactions over NetBank.

RSA said in a 2011 predictions report that sending tokens via SMS will make phones a target.

“The use of out-of-band authentication SMS … as an additional layer of security adds to the vulnerabilities in the mobile channel,” the company said in its report.

“A criminal can … conduct a telephony denial-of-service attack which essentially renders a consumer’s mobile device unavailable.

“SMS forwarding services are also becoming mainstream in the fraud underground and enable the [token] sent by a bank via text to a user’s mobile phone to be intercepted and forwarded directly to the cyber criminal’s phone.”

Read the article in full on zdnet.com.au

CellTrust’s Sean Moshir to Present as the Keynote Speaker on the Future of Mobile Commerce at IQPC Conference in San Francisco

Posted by admin on 21/Jan/2011 in Press Releases | 0 comments

Conference to Address Driving User Engagement and Brand Awareness

SCOTTSDALE, ARIZONA, USA – January 21, 2011 – CellTrust Corporation, the recognized leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), announced today that Sean Moshir, Chief Executive Officer of CellTrust, will be making the keynote presentation at the IQPC Mobile Commerce Conference in San Francisco on Tuesday, January 25th at 9:30 pm PT. The conference is being held at the Sheraton Fisherman’s Wharf in San Francisco.

Moshir will discuss how mobile sites, mobile apps, mobile payments and basically all things mobile are becoming a priority for companies who want to remain competitive and stay connected with consumers. The session will highlight meeting the opportunities and challenges ahead in mobile commerce, targeting the consumer, and positioning companies to succeed.

(more…)

UK, Australia to Talk Cyberwar

Posted by admin on 17/Jan/2011 in In The News | 0 comments

I wonder if the topic of SMS Security was raised? I would have loved to have been a fly on the wall during the meeting!

The following is an excerpt of an article published on zdnet.com.au.

Australia’s defence and foreign ministers will meet with United Kingdom counterparts in Sydney tomorrow to discuss security matters, including cybersecurity.

Defence Minister Stephen Smith and Foreign Minister Kevin Rudd will host UK Foreign Secretary William Hague and Defence Secretary Liam Fox at the third Australia-United Kingdom Ministerial (AUKMIN) talks.

“Discussions at AUKMIN III will focus on current foreign, defence and security policy challenges, including in Afghanistan and Pakistan; changing dynamics in Asia; and approaches to counter-proliferation, counter-terrorism, space and cybersecurity,” Smith said.

In previous high-level discussions, UK Minister of Armed Forces Nick Harvey pushed for the creation of an offensive cybersecurity capability, while Smith said Australia is focused on building defensive systems.

Read the full article on zdnet.com.au.

CellTrust Will Protect Mobile Payment Platforms in Nigeria – Samuel Ucheaga

Posted by admin on 12/Jan/2011 in In The News | 0 comments

Interview with Samuel Ucheaga,Managing Director – CellTrust in Africa.

MMA:Relationship between CellTrust  in the US and CellTrust in Africa.

CellTrust of Africa is in charge of the African Region as an arm of CellTrust Corporation (USA). CellTrust is a leading global provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™, featuring Secure SMS and a suite of mobile applications, ensures the secure and trusted exchange of information on mobile devices to the financial service industry and governments; and also to healthcare, education, energy, information technology, marketing, and travel industries. Engr. Samuel Ucheaga is the MD of CellTrust of Africa.

MMA: What is the strong compelling need for SMS security for financial  services in Nigeria.

Standard or conventional SMS, that people use for everyday messaging, is not secure. Only few people realise that it is highly vulnerable at many points. Standard SMS is vulnerable at the following points:

• On the handset where someone can easily gain access to it,
• On the air interface (between the handset and the BTS). There are now devices that cost less than 1,000 USD that could be used to sniff messages (SMS) over the air without gaining direct access to the user’s cell phone.
• At the mobile operator’s network where it is stored as a plain text file which could be read by the network operator’s staff.

Each of the problem areas listed above is already creating various problems. Since standard SMS can be compromised very easily, it is not suitable for handling sensitive or confidential messaging which the financial industry deals with.  When transmitting sensitive mobile financial information – transactions, PINs, account balances and   other sensitive information – security should be of utmost importance to prevent fraudsters from gaining access to customers’ accounts and making unauthorized transactions using the customers’ details. If mobile banking and payment security is treated with levity, the problems that the finance industry will face will make ATM related fraud seem very trivial.

(more…)

Credit, Debit Card Fraud In Australia Tops $180m

Posted by admin on 10/Dec/2010 in In The News, Press Releases | 0 comments

I was sent a copy of this story published in The Australian on the 7th of December this morning and the headline really grabbed my attention. $180m in the past year? And seriously, if they are admitting to $180+ million then the true figure is going to be truly astronomical. I’ll bet that $183 million is only the tip of a very substantial iceberg.

When are the banks and card providers going to take a good hard look at other security options instead of sticking to tried and tested methods that are failing? Come on guys, it’s time to consider using Secure SMS banking and card verification techniques.

Here’s an excerpt of the article that caught my attention.

CREDIT and debit card fraud increased to $183 million in the past financial year, up from $167m a year earlier.

Overall, fraud on all types of payment cards rose to 35 cents from 33c in every $1000 transacted, comparatively low by world standards, according to Australian Payments Clearing Association statistics released today.

The biggest spike was in proprietary or name-brand debit card fraud where the PIN was also compromised – jumping to $27.5m from $18m in 2008-09.

This includes the use of counterfeit cards containing skimmed information, with around 70,000 incidents netting $22m.

Fraudsters also snared $1.8m using a compromised PIN in identity take-over or false application cases.

But incidents involving PINs with lost and stolen cards were down slightly to $3m, from $3.7m previously, and “never received” card fraud fell to $786,000 from $1.6m.

There was a tightening of debit card fraud where PINs were not used. Incidents dropped from 4790 in 2008 – 09 to 1254 in the past year, with the value plummeting from $1.1m to $390,000.

Read the full article on The Australian’s web site

CellTrust and NewNet Partner to Deliver Integrated SMSC and Secure SMS Solution to Mobile Operators/Carriers Worldwide

Posted by admin on 2/Dec/2010 in In The News, Press Releases | 0 comments

Partnership Creates First Integrated, Tested and Certified SMSC and Secure SMS Infrastructure Solution on the Market

SCOTTSDALE, ARIZONA, and SHELTON, CT – USA - December 1, 2010 – CellTrust Corporation, the recognized leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), announced today that it is partnering with NewNet, the pioneering leader in telecom infrastructure solutions (www.newnet.com) with deployments in more than 60 countries, in creating the first integrated SMSC and Secure SMS solution for mobile operators worldwide. The partnership will allow any mobile operator to integrate CellTrust’s SecureSMS Appliance with NewNet’s SMSC platform, to deliver a complete SMS solution to wireless subscribers.

The partnership between CellTrust and NewNet creates a seamless, tested and certified integration accelerating deployment of SecureSMS within the operator’s network. Secure SMS delivers a significant benefit to wireless operators. CellTrust developed its SecureSMS platform from the ground-up, with security architecture in mind, to provide a safe and secure environment for the exchange of sensitive information. Standard SMS is not secure and can be spoofed, but CellTrust’s SecureSMS Appliance, engineered to utilize the mobile command channel, addresses spoofing with a fully authenticated, government-grade, highly encrypted, end-to-end tamper-proof process, and also enables message sizes up to 5,000 characters.

(more…)

CellTrust Secure SMS Continues to be Secure, While Many Wireless Banks’ Apps Were Exposed to Security Flaws

Posted by admin on 22/Nov/2010 in Press Releases, Security Alert Log | 0 comments

Company says Secure SMS users’ information is safe and secure because of product architecture

SCOTTSDALE, ARIZONA, USA – November 22, 2010 – CellTrust Corporation, the recognised leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), today announced that CellTrust’s mobile banking product, which is being piloted outside of the U.S., is based on SecureSMS Secure Mobile information management (SMIM) architecture and is not affected by security flaws that were recently published in a Wall Street Journal article. The article stated that a number of top financial companies and banks, such as Wells Fargo & Co., Bank of America Corp. and USAA, are rushing to develop updates to fix security flaws in wireless banking applications that could allow a computer criminal syndicates to obtain sensitive data like usernames, passwords and financial information.

“This is not the first time that mobile banking applications have been vulnerable to security flaws, and we do not believe it will be the last time,” said Sean Moshir, CEO and Chairman of CellTrust. “The issue with the banking apps mentioned in The Wall Street Journal article is that personal information about the wireless subscriber, such as the user name and password to a bank account, is being stored in the mobile device, which could give a cybercriminal full access to a person’s financial accounts. Storing the password in the memory of the handset is a fundamental mistake in the design of the apps and the security architecture. Furthermore, apps that store passwords in the memory of the handset or send it across the network are not compliant with financial industry regulations or best practices.”

Moshir continued, “CellTrust developed its SecureSMS platform from the ground-up, with security architecture in mind, and continues to provide a safe and secure environment for the exchange of sensitive information. A key difference with SecureSMS is that CellTrust uses the mobile command channel for communication, rather than the data channel which was used for these particular mobile banking apps. It is critical and added security for mobile banks apps to perform the actual transaction or user authentication out of band.” (more…)

CellTrust’s Sean Moshir Responds to Indian Government’s Plans for Proxy SIM Cards for Secure Communication

Posted by admin on 5/Nov/2010 in Press Releases | 0 comments

CEO wants to protect U.S. jobs, asking U.S. government to protect U.S. intellectual property

SCOTTSDALE, ARIZONA, USA – November 5, 2010 – CellTrust Corporation, the recognized leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), responded today to the recent announcement by the Indian government that it plans to create guidelines and regulations for using proxy SIM cards for secure communication in the country. The response comes before President Obama’s weekend visit to India to discuss the economic partnership between India and the United States.

“In tough economic times like we are currently facing in the United States, we believe that certain actions, such as the ones by the government of India, could potentially be considered unfair practice against certain U.S. companies,” said Sean Moshir, CEO and Chairman of CellTrust. “While we applaud the government of India for recognizing the need for secure SMS, we believe that the resulting technology may end up infringing on the patent CellTrust has filed in India regarding Secure SMS and also could potentially violate the practices of the World Intellectual Property Organization (WIPO), a United Nations agency dedicated to developing a balanced and accessible international intellectual property system. We hope that the U.S. and other countries can come together to find ways to protect jobs, while growing small businesses internationally, and adhering to international intellectual property principles.”

CellTrust is the largest provider of Secure SMS in the world, with many government organizations as customers, including the U.S. government. While the U.S. government protects its citizens, their properties and interests, Moshir believes it should also protect their intellectual property, to ensure that jobs that need to stay in the U.S. would stay here. (more…)