It is March 2020. In a slight panic, I am returning from a business trip in Budapest. Trains back are not running, neither through Slovakia nor through Austria. The same goes for buses. The borders are closed. My third flight has already been cancelled, so in the end I fly from Budapest to Prague via Warsaw. The flight attendants on board the plane listen to instructions from a satellite phone, frantically measure people's temperature with contactless thermometers that have been part of the aircraft's equipment since the seventies, and chaotically prepare improvised forms for collecting contact details. In the end, I successfully make it home.


Authentication via SMS-OTP is considered outdated because of higher overall costs, low user convenience, insufficient regulatory compliance in specific geographic regions, but primarily for practical security reasons.

1. Security

SIM Swapping Attacks


Right now, as I am writing this post, our company website is down. Under normal circumstances, this would trigger an immediate investigation in an attempt to resolve the issue as quickly as possible. However, we rely on the platform provider for hosting. Nothing is under control, so we can just wait…


On Thursday, April 22, between 09:03:12 GMT and 09:06:25 GMT, we noticed suspicious activity in the Malwarelytics threat intelligence back-end systems. After investigating the incident, we assume that the activity could be a part of a complex mobile banking malware attack on Android. The scenario is in preparation. The cybercriminals are now attempting to tamper with the cyber defense systems (probably from various vendors) that could stop or minimize the attack’s impact.

Recommendation

  • Intensify the “be careful” messaging towards your customer…


What do you know about the Czech Republic? Most people would probably mention Prague, excellent beer, and SKODA cars. However, the Czech Republic is also home to a thriving cybersecurity startup ecosystem.

1. BankID


We believe that security improvements must go hand in hand with an amazing user experience. That’s why we gave our mobile token app a big UI facelift. We wanted to make sure that the white-label product does not hold our customers back and matches the latest mobile design trends, to help them win in the digital transformation race. The update will be available to all our mobile token customers for free.


Vista Bank Romania has recently selected our industry-leading app shielding and anti-malware technologies to protect their mobile banking and mobile token apps. As a result, Vista Bank offers a robust level of security to its clients, safeguarded against threats originating from banker malware and software vulnerabilities on iOS and Android systems.


Huawei, a global provider of ICT infrastructure and smart devices, has been in a negative spotlight lately. Many national security agencies have flagged this company as a potential security risk, with some countries imposing sanctions to impede Huawei’s operations. Banks are considered critical infrastructure in most states. As a result, they need to evaluate their approach to Huawei, especially in the context of smartphones and portable devices their customers use to access digital banking. At the same time, they cannot merely ignore Huawei because it is currently the biggest smartphone vendor with a global smartphone market share of approximately 20%.


Quantum computers will change cryptography as we know it. It is not a matter of “if,” but a matter of “when.” We might not like it. We may have opinions about when this will happen. But rather than waiting until large-scale quantum computers cause issues for our cryptographic systems, we should study and implement algorithms that are quantum resistant.


The security of digital banking systems often relies on strong cryptography. However, the algorithms we currently know and take for granted, such as RSA or ECC, are threatened by a new computational paradigm and a machine with an unprecedented force: the quantum computer. These algorithms will ultimately not withstand this new challenge. The question is not “if” they break, but “when.”

Towards Quantum Resistant Systems

Petr Dvořák

CEO and Founder of Wultra. Speaker. Author of PowerAuth, QR Platba and 6 mobile banking apps. Interested in #business, #mobile, #tech and #security.
