We've been through the shareware era. We have donationware, subscription software and plain, old buy-it-in-a-box software. But the latest way to "pay" for software is by giving apps permission to access your location, camera and other data on your smartphone.
Daniel Cohen runs RSA's anti-fraud division. He's concerned with how adversaries overcome the human elements in systems in order to launch attacks. He says the number one thing people can do to avoid becoming victims of fraud is to be vigilant: check bank statements closely, and pay attention to how banking sites and applications work in order to recognise anomalous performance.
He also suggests using mobile apps for banking rather than banking websites.
"Even if you do it on Android, which is more susceptible to -- be careful using the term malware because it’s not real malware – it’s more this permissionware. You install the app. It asks you for all these permissions and you install it and it does this different stuff."
Cohen noted that he’s not seeing advanced techniques, such as memory sniffing, on the consumer side of things. So, as long as you don’t give permission to apps running in the background to access your device in unanticipated ways, banking apps should be safe.
The author of this article travelled to Singapore to attend the RSA Conference as a guest of RSA.