Security Review: Electronic Voting

By nhunt at 7:36 pm on March 12, 2009

Summary

The rise of electronic voting machines in recent years has led to some heated debates as to how secure these machines actually are. Voting is a fundamental right of a democratic society, so ensuring that each citizen’s vote is properly counted and the integrity of the election is upheld is of the utmost importance. In an era where everything is becoming digitalized, voting is just the next step. Electronic voting machines offer some benefits, but they are also susceptible to error and fraud.


Filed under: Security Reviews

Security Review – Mobile Banking in the Developing World

By cxlt at 1:00 am


One of the interesting topics brought up by Microsoft Research India during their Change talk last week was that of mobile banking in the developing world. Managing and distributing money can be a tricky proposition in the developing world – often, people end up entrusting their money to drivers to transfer around the city or country.

Mobile banking through cell phones has proven to be an extremely cost-effective way to avoid these kinds of headaches. Through both downloadable software and text message interfaces, it is possible to efficiently transfer and manage money without the existence of local branches to handle the transaction, with minimal fees and far less obvious physical risk. However, this method has resulted in its own set of idiosyncrasies that would not likely exist with similar systems elsewhere.

Afraid of doing something wrong, many people in these developing areas are reluctant to actually carry out their own banking. Thus, a whole class of middlemen have arisen specifically for mobile banking. People will bring their mobile phones into these middlemen’s stores and tell the store owners what they want done, and the middlemen will then go do it for them. This interesting use case leads to quite a few security implications.

Assets and Security Goals

  • Customers’ money is of course important. The reasons should be fairly obvious – we of course want to protect it from being stolen.
  • Customers’ financial records are also important – financial histories are private, with some exceptions, and they should stay that way. Knowing how much money someone has may put them at risk for a real-life robbery, for instance, or knowing their stock portfolio could cause other problems.

Adversaries and Threats

  • Malicious third parties who would like to steal the customers’ money, perhaps by listening to the airwaves, or physically stealing the phone. A lot can be done with just a few seconds with a phone given a text messaging interface.
  • The middlemen have an extraordinary amount of power given what they have been entrusted with by the end-users. And, since their clients won’t have it any other way, banks have been forced to actually work with these middlemen, including them in the system. A store owner could easily pull off an “Office Space” type scheme, stealing minuscule amounts of money from each customer.

Potential Weaknesses

  • Snooping on people’s wireless connections is difficult since the network provides some level of intrinsic security. We’re not experts on this subject, so it’s difficult for us to assess how feasible this approach is in reality.
  • Replay attacks are possible, especially if any actions are carried out via text message, and a malicious user manages to take over the phone physically, or duplicate/forge the SIM card.
  • Physical access is an imminent problem given the prevalence of these middlemen in transactions. Somehow, even with physical access by users other than the clients there needs to be security and accountability.

Potential Defenses

  • For snooping, simply use any of the well-established encryption protocols we discussed this quarter.
  • Replay attacks can be guarded against by confirming each action with a code that can only be used once.
  • The physical access problem is the most difficult problem to address – and the most interesting. Since third parties are allowed access to the system by the clients, it is difficult to enforce anything in the system if the third party is malicious. One way to defend against third party mischief would be to not carry any actions out immediately, but instead to queue them and then confirm them via text message with the client an indeterminate amount of time in the future, on the order of several hours. This way, hopefully clients will be forced to examine and acknowledge all actions away from the influence of the store owners. Malicious middlemen could counter this by requesting to keep the phone until the transaction is complete, but hopefully clients would grow suspicious of this request before long.
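
The last two defenses combine naturally: hold each action in a queue, text the client a single-use code after an unpredictable delay of several hours, and execute only once on that code. The sketch below is an added example, not part of the original review or any bank's system; the class name, the delay values, the six-digit code and the account names are all assumptions.

```python
import hmac
import secrets

class ConfirmationQueue:
    """Bank-side queue (hypothetical): hold each action, confirm it later by SMS code."""

    def __init__(self, clock, min_delay_s=2 * 3600, jitter_s=4 * 3600):
        self.clock = clock              # injected so the delay can be tested
        self.min_delay_s = min_delay_s  # assumed values: 2h floor, up to 4h jitter
        self.jitter_s = jitter_s
        self.pending = {}               # txn_id -> held action
        self.executed = []

    def request(self, account, action):
        """Queue an action; nothing executes yet. Prompt time is unpredictable."""
        txn_id = secrets.token_hex(4)
        delay = self.min_delay_s + secrets.randbelow(self.jitter_s + 1)
        self.pending[txn_id] = {"account": account, "action": action,
                                "prompt_at": self.clock() + delay, "code": None}
        return txn_id

    def prompt(self, txn_id):
        """Issue the one-time code to text to the client, or None if too early."""
        txn = self.pending[txn_id]
        if self.clock() < txn["prompt_at"]:
            return None
        txn["code"] = f"{secrets.randbelow(10**6):06d}"
        return txn["code"]

    def confirm(self, txn_id, code):
        """Execute once on the right code; any reuse of that code is refused."""
        txn = self.pending.get(txn_id)
        if txn is None or txn["code"] is None:
            return "rejected"           # unknown, not yet prompted, or replayed
        if not hmac.compare_digest(txn["code"], code):
            del self.pending[txn_id]    # one guess only: a wrong code voids the action
            return "rejected"
        del self.pending[txn_id]        # consume the code before executing
        self.executed.append((txn["account"], txn["action"]))
        return "executed"

def demo():
    """Constructed scenario: early prompt, valid confirm, then a replay."""
    now = [0]
    q = ConfirmationQueue(clock=lambda: now[0])
    txn = q.request("acct-constructed-1", "transfer 500 to acct-constructed-2")
    early = q.prompt(txn)               # still in the store: no code is sent
    now[0] += 6 * 3600                  # past the maximum delay (2h + 4h)
    code = q.prompt(txn)
    return early, q.confirm(txn, code), q.confirm(txn, code), len(q.executed)
```

Because the code is deleted before the action runs, a captured confirmation message replayed later finds nothing to confirm, and a middleman who guesses wrong voids the action instead of getting further attempts.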

Mobile banking is something that hasn’t quite caught on here like it has in other parts of the world. Not only is it useful for banking when branches aren’t nearby, the service has in some places, like Japan, evolved to include payments via cell phone rather than credit card, and other technology-enabled services which have security implications. Ultimately, a lot of these problems are already being worked on in the context of their low-tech equivalents (e.g. transmitting credit card information), but as we can see with the rural banking case study, there can be a lot of unexpected usages which result in unexpected potential problems.

These unexpected issues are likely where we will see the most interesting security issues in the future.

Clint Tseng and Erik Turnquist

Filed under: Physical Security, Policy, Privacy, Security Reviews