SANS Digital Forensics and Incident Response Blog

Identity Theft Coming to a Mobile Device Near You

The increasing use of mobile devices for banking, money transfer, and payment is increasing the risk that criminals will target these devices for financial gain.

More banks are providing customers with the ability to access their accounts using mobile devices. In a number of cases, criminals have gained access to bank accounts by tricking cell phone providers into issuing SIM cards associated with the customer's account.

December 2009: Duplicate SIM card was issued to an imposter with the driver license of the victim

In addition, fraudulent mobile banking applications have emerged for Android devices that attempt to steal personal financial information.

December 2009: USAA Thwarts Mobile App Fraud

These risks will continue to grow in the coming years as more mobile devices are used to execute financial transactions. Gartner's top 10 consumer mobile applications for 2012 includes applications that enable mobile device users to make purchases and to transfer funds to others via SMS.

Digital forensic examination of mobile devices may be necessary in investigations of identify theft or data breach, providing clues about the origin and scope of an attack. In addition, financial institutions can use digital forensics techniques to assess the security of their mobile banking applications by searching for sensitive information that may be exposed on the device.

For those who want to stay current in digital forensics and incident response, I recommend taking the SANS FOR563 Mobile Device Forensics course. We are teaching this next in San Diego, May 8-12 (register here) and then at SANSFIRE 2010 in Baltimore, June 7-11 (register here).