Capturing your Bank Account by Accessing to SMS

According to Symantec Corp., mobile phone banking transactions are more vulnerable because of Android malware that eavesdrops on incoming SMS messages and forwards them to another SMS number or server. This sort of data leakage represents a significant risk, both to individuals and to organizations. The potential exists for attacks like these to target Internet banking services that send mobile transaction authentication numbers via SMS. Many banks send authentication codes to your phone via SMS each time you do an online transaction. This means that just stealing a login password is no longer enough for criminals to raid your account. But malware on your phone, such as the Zeus-based Andr/Zitmo (and similar versions targeting BlackBerry) are capable of intercepting those SMS messages.

Consider the following hypothetical scenario. Through a conventional phishing attack, a victim gives criminals sufficient information to allow them to sign in to your mobile banking account and also port your phone number (this has happened). They can now log in to your online bank account while also receiving an SMS containing the second-factor authentication token needed to complete a transaction. Through the use of a malicious Android app that harvests SMS messages in real time and in concert with a social engineering attack, attackers open a brief window of opportunity to steal this token and use it.

Fake Software, unauthorized SMS messages

Today, the most common business model for Android malware attacks is to install fake apps that secretly send expensive messages to premium rate SMS services. Recent examples have included phony versions of Angry Birds Space, Instagram, and fake Android antivirus products. In May 2012, UK’s mobile phone industry regulator discovered that 1,391 UK Android users had been stung by one of these scams.

The regulator fined the firm that operated the payment system involved, halted fund transfers, and demanded refunds for those who’d already paid. However, UK users represented only about 10% of this malware’s apparent victims it has been seen in at least 18 countries. Currently, one family of Android malware, Andr/Boxer, accounts for the largest number of Android malware samples we see, roughly one third of the total. Linked to .ru domains hosted in the Ukraine.

Andr/Boxer presents messages in Russian and has disproportionately attacked Eastern European Android users who visit sites where they’ve been promised photos of attractive women. When they arrive at these sites, users see a webpage that is carefully crafted to entice them to download and install a malicious app.
For example, the user might be prompted (in Russian) to install a fake update for products such as Opera or
Skype. Or, in some cases, a fake antivirus scan is run, reports false infections, and recommends the installation of a fake antivirus program. Once installed, the new app begins sending expensive SMS messages. Many of these Trojans install with what Android calls the INSTALL_PACKAGES permission. That means they can download and install additional malware in the future.

Quantum Computer

A quantum computer is any device for computation that makes direct use of distinctively quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data.

In a classical computer, information is stored as bits; in a quantum computer, it is stored as qubits. The basic principle of quantum computation is that the quantum properties can be used to represent and structure data and that quantum mechanisms can be devised and built to perform operations with this data. Although quantum computing is still in its infancy, experiments have been carried out in which quantum computational operations were executed on a very small number of qubits.

Research in both theoretical and practical areas continues at a frantic pace, and many national government and military funding agencies support quantum computing research to develop quantum computers for both civilian and national security purposes, such as cryptanalysis. If large-scale quantum computers can be built, they will be able to solve certain problems exponentially faster than any of our current classical computers.

Quantum computers are different from other computers such as DNA computers and traditional computers based on transistors. Some computing architectures such as optical computers may use classical superposition of electromagnetic waves, but without some specifically quantum mechanical resources such as entanglement, they have less potential for computational speed-up than quantum computers. The power of quantum computers Integer factorization is believed to be computationally unfeasible with an ordinary computer for large integers that are the product of only a few prime numbers.

By comparison, a quantum computer could solve this problem more efficiently than a classical computer using Shor's algorithm to find its factors. his ability would allow a quantum computer to "break" many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of bits of the integer) algorithm for solving the problem. In particular, most of the popular public key ciphers are based on the difficulty of factoring integers, including forms of RSA.

These are used to protect secure Web pages, encrypted email, and many other types of data. Breaking these would have significant ramifications for electronic privacy and security. The only way to increase the security of an algorithm like RSA would be to increase the key size and hope that an adversary does not have the resources to build and use a powerful enough quantum computer. It seems plausible that it will always be possible to build classical computers that have more bits than the number of qubits in the largest quantum computer.