Latest from the Blog

How malware can “live forever” through persistent root attacks on Android

A recent article in The Hacker News describes how malware can become persistent by exploiting vulnerabilities in the bootloader. While the linked article is quite technical, it is useful to look into exactly why the bootloader is such a tempting target. First, what is a bootloader? When you turn on your [...]

Mobile phones are under attack through Bluetooth and Wi-Fi

Lately there have been two much-publicized reports of vulnerabilities which threaten billions of mobile phones. First, in July it was a vulnerability in the firmware of a little-known chip powering almost all modern smartphones, a Wi-Fi chip made by Broadcom. The vulnerability, known as BroadPwn, allows a smartphone to be infected simply by looking [...]

The latest news in overlay attacks

Sometimes it feels like security vendors are fighting an endless battle against malware creators who come up with new exploits. A common goal for malware authors is to find new ways of stealing user credentials and passwords, so that criminals can hijack accounts and even make fraudulent transactions. The mechanisms used to do this [...]

Prof. Ross Anderson at Cambridge University gives a lesson on the Economics of Insecurity

In this inspiring video interview from Edge, Professor Ross Anderson explains why and how the greed-driven fostering of market imperfections has created the fundamental information security design flaws found in today’s networks and computer systems. As an example, the world of online banking uses OTP over SMS as a secure second authentication factor, which telecommunication [...]

Online Banking Credentials That Use SMS For Authentication Of Users Are Being Systematically Hacked

Over the last few years, there has been a steady focus on vulnerabilities in mobile phone networks. As far back as 2014, systemic vulnerabilities in the SS7 protocol for SMS were a well-known problem presented by security researchers, but now there appear to be real attacks on bank accounts using One-Time-PINs (OTPs) over SMS for transaction [...]

Waiting for the final regulatory technical standards specifying the requirements on strong customer authentication and common and secure communication under PSD2

The revised Payment Services Directive (PSD2) foresees that the European Banking Authority (EBA) will develop Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and secure and common communications (Article 98 of the PSD2). Due to the large number of comments made during the consultation on these RTS, the EBA has not yet published its [...]

Malware source code makes it even simpler to create banking malware

In the last few days there has been news about yet another malware source code leak. Malware source code is usually sold for quite high prices on underground forums, where the original developers can require fees of thousands or even tens of thousands of USD for source code with optional support. In the latest leak the [...]

Protectoria in the media – interview with Trond Lemberg

Trond Lemberg, Protectoria, talks to The Paypers about the solutions that are commonly used to fight fraud and secure applications, and about the technology of the Protectoria Secure Mobile Platform. You can find the full interview here.

Disassembling a mobile trojan attack

Protectoria recommends reading this really good article, which explains the common strategy of basing mission-critical security operations on mobile browsers. The attack pattern described in the article is as follows: 1: Get tricked into visiting a website propagating malware 2: The malware tricks you into believing that one of your ordinary apps requires an [...]

My bank claims my device is my responsibility

Author: Jon Endre Gjærum, Protectoria

In Norway we have over the years had low rates of online banking fraud. There are likely several reasons for this, probably a combination of good cooperation between the banks, our native language and a large number of small banks. I had a quick discussion with my bank not so [...]