Smartphones and tablets have become the first point of access to the internet. This evolution has led to the creation of many Wi-Fi networks so people can connect from almost anywhere, but it opens a new playground for hackers. The growing number of public networks, and of users connecting to them, has increased the opportunities for Man-in-the-Middle attacks.
"Mobile attacks and vulnerabilities are increasing in terms of both number and pragmatism."
This statement, made by Gartner in its “Predicts 2017: Endpoint and mobile security” report, is the foundation of Gartner’s 2017 market guides for Mobile Threat Defense and Mobile Application Security Testing.
Every month, thousands of mobile applications are released, and the number of apps available in stores is currently estimated at over 4 million. In a recent study, the Ponemon Institute found that 60% of IT security leaders reported a data breach caused by an insecure mobile app, while only 29% of mobile applications are tested for vulnerabilities.
Lately in the news, we’ve read a lot about popular apps performing malicious and intrusive behaviors. The fact is that, as users, we only see a tiny part of the actions performed by mobile apps; the rest are executed silently. As with an iceberg, 90% of an app’s actions are hidden and, consequently, hard to control.
Most online transactions require a two-step authentication, and the One-Time-Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same. To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used.