Business

Cloud Pickpockets In Mobile Payment Marketplaces

Cloud Pickpockets In Mobile Payment Marketplaces
March 11, 2013

Many of us are becoming pretty comfortable with cloud based computing services by now as some of the secrecy behind the term is demystified. If you’re using an Internet-based email

Many of us are becoming pretty comfortable with cloud based computing services by now as some of the secrecy behind the term is demystified. If you’re using an Internet-based email system on a tablet PC, you are using the cloud. If you’re storing documents online and playing web-connected games or making online payments, you are touching and interacting with cloud resources whether you know it or not.

As we now move to use more online tools to perform essential small business management functions we need to consider cloud security first and foremost to keep our data (and our finances) safe. A cloud based antivirus system is an essential component of modern business IT management today – as fundamental as perhaps a printer and scanner was a decade or so ago.

But as of now, companies are generally speaking not fully aware of just how multifarious and multi-faceted cloud malware can be.

Take for example Near Field Communications (NFC). This new standard for radio communication between devices (much like Bluetooth or WiFi) is being used to power so-called “digital wallets” that enable users to make payments from their smartphones when on the go.

 

Propagation through contactless proximity

When devices are taken away from the business premises and used by for mobile transactions, a firm’s remote management systems cannot control their every action. Where Near Field Communications is intended for honest “tap-and-pay” transactions, this short-range wireless technology could potentially be targeted by some as-yet-unknown form of “bump-and-infect” attack capable of propagating themselves ‘through proximity’.

Note that it’s important we stress that is only a conceptual attack risk at the moment; plus NFC itself is some way off of widespread adoption – but allow me to explain further …

If users in the future could be infected by “contactless proximity”, this predominantly cloud-based malware could replicate and distribute itself rapidly if (for example) a user is in a crowded shopping area or a train or some other very public place. Users’ wallets then get cloned, copied and plundered and the vulnerability in the device has been exploited.

Analyst firm IDC estimates that the next four years will see the total number of mobile users on the planet increase by as many as 91 million additional individuals. These scaled down devices depend on connectivity to the cloud for the application and storage power that they cannot carry out, so the formula here is clear to read i.e. more mobile cloud connected devices with more vulnerabilities to protect equals a bigger remote management challenge.

AVG has envisaged the inherent dangers developing in line with the rise of cloud computing and the proliferating adoption of mobile devices from smartphones to tablets. Packages like AVG CloudCare have been engineered for cloud based antivirus protection with a cloud protection pedigree that extends back to the very start of this new approach to service-based cloud computing.

There is now an obligation and responsibility for firms to address small business cloud security before they start trading in any marketplace because cloud pickpockets are everywhere. It’s time to lock down our defenses.


March 11, 2013


prefooter-platform.pngprefooter-text.png