2014 Threats Predictions: Mobile Attackers to Benefit From New Payment Methods

This post is one in a series of articles that expand on the recently released McAfee Labs 2014 Threats Predictions. In this and related posts, McAfee Labs researchers offer their views of new and evolving threats we expect to see in the coming year. This article was written by Jimmy Shah.

We wrote last year about the future dangers of mobile worms exploiting near-field communications. This year many high-end phones came with NFC hardware. Next year we should see NFC-capable phones that let consumers pay with their phones everywhere they can pay with a credit card. Unfortunately, we’ll also see thieves find ways to turn your grande latte order into a more expensive event.

There are now more ways to pay for things via mobile phone, using services such as Square, PayPal, or Coin. Attackers will find ways to skim cards using mobile credit card readers, or swipe information from apps on the phone. More ways to pay will lead to more ways for attackers to hijack your money.

Malware developers are hard at work creating ransomware for mobile phones. Currently we see malware that pretends to lock your phone, offering to release it upon payment of a ransom. It’s a short step for malware writers to encrypt your phone’s disk and make the threat real.

As more apps are converted from proprietary platforms to HTML5 in the name of cross-platform compatibility, attackers will put more resources into exploiting such apps. Attackers will develop exploits that target HTML5 apps or native drivers (audio, video, file system, etc.).

How about a bit of good news? Android 4.2 includes a security feature that makes it harder for SMS-sending malware to steal money without an owner’s knowledge. The feature informs users whenever a message is about to be sent to a premium-rate number. This simple step will cut into the easy money attackers made, because users will now be aware that the new app they installed costs money.