One of the most common methods used by hackers to break into the banking system through mobile banking is the man-in-the-middle attack. In this case, the attacker normally intercepts the messages in a public key exchange, re-transmits them, and then substitutes the initial public key with their own public key. This leads the two original communicating parties to think that they are still communicating with each other. It succeeds because the hacker uses a program that imitates the server being used by the client and therefore tricks the other party. Man-in-the-middle attacks exploit defects that can be found in computers, Android mobile phones and even web servers, and they make it possible for the hacker to obtain passwords and even credit card numbers that he or she can use to steal money from a customer's account.
Several factors have been seen to contribute to the high incidence of cybercrime in Nigeria. It has been stated that in Nigeria there is a high tolerance of corruption, and most people have grown up knowing that corruption is socially accepted. The legal framework regarding cybercrime is weak and has many loopholes, and most of the people found guilty of these crimes avoid a prison sentence because of various technicalities. There are also high unemployment rates in the country, leaving desperate graduates who use the skills that they acquired in school in a negative manner. This research paper therefore assesses an IT framework that can be implemented in the banking system to increase its security and reduce the chances of bank customers providing fraudsters with information that can lead to banks being hacked and customers losing their money.
Reasons why Mobile Banking Systems of Most Banks are Vulnerable
The mobile banking platform of most banks is vulnerable due to the following factors. Most mobile banking information is stored in a cloud, and this makes it easily accessible from remote computers that can reach the networks that the banks use. There are also hardware problems, such as configuration errors in the computer systems and damage due to improper use of the computers. Software problems arise from installation and programming errors. There is also the threat of theft of portable devices, which can be used to access the banks' cloud systems and therefore leave them vulnerable to cybercrime. In most cases, the hackers use viruses and worms to access the system and steal the information that they require to conduct their hacking activities. For instance, they are able to intercept e-mails that contain vital information about the customers of various banks. There is also the possibility that banks have malicious insiders who take advantage of their position to connect with cybercriminal groups that steal the money of the bank customers.
Security Framework to Deal with Man-in-the-Middle Attacks
There are different countermeasures that can assist in preventing man-in-the-middle attacks and therefore in securing the mobile banking platform. The first step is knowing the potential threats that affect the network. This helps the banks to be better prepared and therefore to come up with strategic defensive controls. In an ever-changing technological landscape, being aware of the threats will ensure that the proper defenses are put in place to prevent cybercrime activities.
There is also the need to place various defensive security controls at strategic points of the system to ensure that the hacker will have a hard time penetrating it. The primary layer of defensive security controls is the Intrusion Detection System, which allows for early detection of infiltration and therefore reduces the impact of these attacks. The secondary defense measure is installing firewall devices in order to slow the attacks. Finally, it is important to install malware and virus protection and system auditing controls to discourage easy intrusion by the hackers.
Public Key Infrastructure (PKI)
Given the challenges that affect mobile banking, the best solution to reduce and eventually eliminate the hacking processes is the introduction of the Public Key Infrastructure (PKI). PKI uses a mutual authentication policy to reduce the chances of the system being hacked. It also relies on public key cryptography to make it effective. A certificate is validated in several steps. First, when the client connects to a server that has been digitally signed with an SSL certificate, the server has to send the certificate to the Web user's browser. If the certificate is verified as valid, the connection to the bank's server is allowed through the SSL protocol. Next, a session key is created and used to protect the data that passes between the server and the browser. This key is unique to that session. PKI is seen to be an effective measure because it requires the client to authenticate to the server first, before the server is in turn authenticated to the client, making it difficult for cybercriminals to hack.
(Ramadan, Du, Li, & Xu, 2016).
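The key substitution described in the opening paragraph and the certificate check described above can be seen side by side in the following added example, which is not part of the original essay. It uses toy textbook RSA (no padding, very small keys) in place of real certificate signatures, and the names `bank.example`, `other.example` and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook RSA from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(name, pub, n):
    """Hash of the certificate body: subject name bound to subject public key."""
    body = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue_cert(ca_priv, name, pub):
    """CA signs the name-to-key binding with its private key."""
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(digest(name, pub, n), d, n)}

def validate(cert, expected_name, ca_pub):
    """Client check: expected name, and signature verifies under the trusted CA key."""
    n, e = ca_pub
    return (cert["name"] == expected_name
            and pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n))

def run_cases():
    # Constructed sample keys built from small Mersenne primes; not secure sizes.
    ca_pub, ca_priv = make_key(2**127 - 1, 2**107 - 1)
    bank_pub, _ = make_key(2**89 - 1, 2**61 - 1)
    other_pub, _ = make_key(2**107 - 1, 2**61 - 1)
    _, other_ca_priv = make_key(2**127 - 1, 2**89 - 1)
    name = "bank.example"  # hypothetical server name
    genuine = issue_cert(ca_priv, name, bank_pub)
    return {
        "genuine": validate(genuine, name, ca_pub),
        # key replaced in transit, original signature kept
        "key_swapped": validate({**genuine, "pub": other_pub}, name, ca_pub),
        # certificate signed by a CA the client does not trust
        "untrusted_ca": validate(issue_cert(other_ca_priv, name, other_pub), name, ca_pub),
        # valid certificate from the trusted CA, but issued for a different name
        "wrong_name": validate(issue_cert(ca_priv, "other.example", other_pub), name, ca_pub),
    }

if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case:13} accepted={accepted}")
```

Only the genuine certificate is accepted; a client that skips `validate` has no way to tell the other three cases apart from it.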
Ramadan, M., Du, G., Li, F., & Xu, C. (2016). A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems. MDPI, 1-17.