SECURITY REVIEW ON AIRTEL MONEY IN UGANDA

We have performed a security review of the Airtel Money system, covering application (client-side) security, server-side practices and the policy environment.

1.0 Assets

Data, such as clients’ names, locations, telephone numbers and transaction reports. This data is crucial; transaction logging, for example, keeps track of the client’s dealings with Airtel Money.
Resources, such as clients, agents, servers and phones. For any Airtel Money transaction to take place, these resources have to come into play, especially when withdrawing money.
Infrastructure, such as the network. The network has to be secure to prevent attackers from interfering with mobile money transactions; Airtel has secured the network using standard secure protocols that bar attackers.

2.0 Threats

2.1 Mobile Phones Vulnerabilities

According to the computer crime and security survey report of 2009 [2], 42% of the respondents experienced “laptop and mobile hardware loss or theft”, and 12% of these cases led to data breaches. Viruses have also attacked mobile phone devices. According to the report by NISA, users’ lack of awareness about smartphones might lead them to install applications from non-trusted sources. These applications might contain malware that can alter private information on the smartphone or send private information to other devices. The information sent by malware can later be used by an attacker to conduct fraud in AMSs.

2.2 Airtel Money Customer Behavior

The customer who owns an Airtel Money account is accountable for maintaining the security of his or her account. The manner in which the customer handles mobile phones, SIM cards and PINs may affect the security of the electronic money stored in the mobile money account. For example, a customer who over-trusts mobile money agents, such as by telling them the PIN when withdrawing money from the mobile money account, can cause a security breach. Sharing mobile phones among family members and co-workers may also lead to unauthorized access to the mobile money account.

2.3 Living and Working Environment

Mobile money business is usually done by an agent, either on its own or together with other services. Agent offices may have several staff members who serve distinct services in the same office or shop. If a dishonest staff member who does not serve AMSs knows the mobile money PIN of another staff member who does [3], an unauthorized transaction may be committed. The environments in which AMSs are carried out are also subject to security risks. For example, while some agents have permanent offices, other agents in town centers have no offices. They just stay along the road or near bus stands. Such environments make AMSs vulnerable to theft or unauthorized access attacks.

2.4 Un-Sensitized Airtel Money Clients.

Clients who use Airtel Money have not been duly sensitized on the safe usage of Airtel Money services. Airtel as a company has not carried out enough ground-level user education, especially in villages where most people are not civilized. Some people, especially the old, keep PINs in their phone contacts so as not to forget them. This makes their Airtel Money transactions vulnerable, because anyone who accesses their phones can easily find such PINs and withdraw money.

2.5 Lack of integrity of the Agents

Most of the mobile money agents connive with gangs or thieves to steal the withdrawn money from the clients. After a client withdraws a large amount of money, some Airtel agents may pick up their phones and call bad guys who may end up stealing the client’s money. This is the case in most slums of towns.

2.6 Other Security Threats

  • Usage of Airtel money for money laundering.
  • Theft of agents’ liquidity.
  • Inactive Airtel money clients’ accounts.

3.0 Weakness of mobile money

3.1 USSD Technology Vulnerabilities

The use of USSD technology in Airtel Money services brings several security challenges. The PIN that passes via USSD to the server is weakly encrypted; therefore attackers using network sniffer applications such as Wireshark can intercept it. The service provider can also read the sent PIN [2].

3.2 Unprotected User Data

Airtel Money services let even a third party access clients’ information, such as names, even when the third party is not ready to make a transaction. Once someone has a client’s telephone number, he or she is able to check the client’s details under the guise of trying to send money to the client. This can sometimes endanger the client’s life, as the third party may use such information to hold the client to ransom, as is the case in most parts of Uganda.

3.3 Unencrypted User PINS

Airtel Money presents an interface for its clients to enter PINs as a way of authenticating them to use the services, but the PINs are always typed and displayed in plain text. This is a security concern because it gives shoulder surfers the chance to read a client’s PIN; they can subsequently steal the client’s phone and use the PIN to withdraw money from the account.

3.4 Short PINS

Airtel Money allows its clients to register a four-digit PIN as a means of authentication. This is a security concern because such PINs are easy to guess: it does not take much time to guess the right four digits of a client’s PIN, since most clients use simple digits they can recall, such as 2222, 8844 and many other such combinations.
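A registration-time check that rejects the kind of PIN named above (2222, 8844), as an added example that is not part of the original review or of Airtel's system. The rule set (repeated digit, repeated pair, ascending or descending run) and the function names are assumptions chosen for illustration.

```python
from typing import Optional

PIN_LENGTH = 4  # PIN length described in the review


def weak_pin_reason(pin: str) -> Optional[str]:
    """Return why a PIN should be refused at registration, or None if it passes."""
    if len(pin) != PIN_LENGTH or not pin.isascii() or not pin.isdigit():
        return "not a four-digit PIN"
    d = [int(c) for c in pin]
    if len(set(d)) == 1:                                  # e.g. 2222
        return "single repeated digit"
    if (d[0] == d[1] and d[2] == d[3]) or (d[0] == d[2] and d[1] == d[3]):
        return "repeated pair"                            # e.g. 8844, 1212
    steps = {b - a for a, b in zip(d, d[1:])}
    if steps in ({1}, {-1}):                              # e.g. 1234, 4321
        return "ascending or descending run"
    return None


def accepted_pins() -> list:
    """Enumerate every four-digit PIN that survives the policy."""
    candidates = (f"{n:0{PIN_LENGTH}d}" for n in range(10 ** PIN_LENGTH))
    return [p for p in candidates if weak_pin_reason(p) is None]


if __name__ == "__main__":
    for sample in ("2222", "8844", "1234", "7291"):       # constructed samples
        print(sample, weak_pin_reason(sample))
    print("PINs still allowed:", len(accepted_pins()))
```

The filter removes only 204 of the 10,000 possible PINs, so it blocks the most memorable choices without changing the size of the four-digit keyspace.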

3.5 Use of Airtel money for money laundering.

Ensuring that all transactions carried out on the mobile money platform are traceable and accounts held at the banks are fully auditable.

3.6 Money sent to a wrong recipient

The process of blocking a transaction is lengthy, so the recipient can immediately withdraw the sent money before the procedure of blocking the transaction is initiated.

4.0 Defenses

4.1 The use of Two Factor Authentication by Airtel money

The authentication methods used in computer systems are usually divided into three main types: what the user knows, what the user has and who the user is. Airtel Money requires its customers to have PINs to use when transacting with the server, and it also sends a token to the client as a way of securing the transaction.

4.2 Encrypting Airtel money Client’s PIN

Currently, when authenticating clients, Airtel Money uses SHA-1 and RSA to encrypt PINs, for example with the use of public keys, Key=j72gy1yY||phoneNumber||accountNumber. This makes transactions more secure.

4.3 Patching

Airtel Money usually updates mobile money services at night, which is the ideal time because most clients are not affected, so as to improve on the current system. The servers should have daily maintenance in which outdated software is replaced with newly developed software.

4.4 Use of PINs for Authenticating Airtel Money Clients

Airtel Money uses a four-digit PIN to authenticate clients when they withdraw money. This is one part of securing mobile money transactions.

5.0 PROTOCOL FOR USERS OF AIRTEL MONEY SERVICES

The protocol starts with the client sending his or her PIN and the amount to withdraw to the Airtel server. The server responds by sending a challenge based on a secret that only the server and the client know, such as 82571; the challenge can then be -2--1, and the client has to fill in the correct missing figures so as to synchronize with the PIN as a two-way authentication. When the response to the challenge has been correctly sent, the server replies by sending a token needed for the transaction to take place. The protocol is based on the withdrawal transaction service provided by Airtel Money.

C = Client, S = Airtel Money Server, N = Challenge, A = Airtel Money Agent, AMT = Amount, K = Encryption Key.

C→S: C, {PIN}_KCS, AMT
S→C: {N}_KSC // N is a challenge from the server to the client which involves completing a secret co
C→S: {N+1}_KSC
C→A: {TOKEN, T_S}_KSC, CN
A→S: {CN, {TOKEN, T_S}_KCS, C}_KAS
S→A: AMT, CN, C
A→S: {PIN}_KAS
S→A: M_KAS
S→C: M_KCS
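
The masked-challenge step described above (shared secret 82571, challenge -2--1), as an added example that is not part of the original review or of Airtel's code. The class and function names, the client identifier and the single-use and constant-time checks are assumptions; the {N}_KSC encryption layer is not modelled.

```python
import hmac
import secrets

MASK = "-"  # placeholder for a hidden digit, as in the review's "-2--1"


def make_challenge(secret: str, hidden: int) -> str:
    """Server side: hide `hidden` randomly chosen positions of the shared secret."""
    if not 0 < hidden < len(secret):
        raise ValueError("must hide at least one digit and reveal at least one")
    positions = set(secrets.SystemRandom().sample(range(len(secret)), hidden))
    return "".join(MASK if i in positions else d for i, d in enumerate(secret))


def fill_challenge(secret: str, challenge: str) -> str:
    """Client side: check the revealed digits, then return the hidden ones in order."""
    if len(challenge) != len(secret):
        raise ValueError("challenge length does not match the shared secret")
    for shown, real in zip(challenge, secret):
        if shown != MASK and shown != real:
            # A server that knows the secret never reveals a wrong digit.
            raise ValueError("revealed digits do not match the shared secret")
    return "".join(real for shown, real in zip(challenge, secret) if shown == MASK)


class ChallengeServer:
    """Issues one pending challenge per client and accepts one answer to it."""

    def __init__(self, secrets_by_client: dict, hidden: int = 3):
        self._secrets = secrets_by_client
        self._hidden = hidden
        self._pending = {}

    def issue(self, client: str) -> str:
        challenge = make_challenge(self._secrets[client], self._hidden)
        self._pending[client] = challenge
        return challenge

    def verify(self, client: str, response: str) -> bool:
        # pop() makes the challenge single-use, so a replayed answer fails.
        challenge = self._pending.pop(client, None)
        if challenge is None:
            return False
        expected = fill_challenge(self._secrets[client], challenge)
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected.encode(), response.encode())
```

Every challenge reveals the unmasked digits of the secret, which is why the protocol above carries it encrypted as {N}_KSC rather than in the clear.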

b) General secure Java programming guidelines

Don’t expose methods that use reduced-security checks to untrusted code

Most methods lack security manager checks because they do not provide access to sensitive parts of the system, such as the file system. Most methods that do provide security manager checks verify that every class and method in the call stack is authorized before they proceed. This security model allows restricted programs, such as Java applets, to have full access to the core Java library. It also prevents a sensitive method from acting on behalf of a malicious method that hides behind trusted methods in the call stack.

Ensure that security-sensitive methods are called with validated arguments

Application code that calls security-sensitive methods must validate the arguments being passed to the methods. In particular, null values may be interpreted as benign by certain security-sensitive methods but may override default settings.

Create a secure sandbox using security manager.

The applet security manager denies applets all but the most essential privileges. It is designed to protect against inadvertent system modification, information leakage, and user impersonation. The use of security managers is not limited to client-side protection. Web servers, such as Tomcat and WebSphere, use this facility to isolate trojan servlets and malicious JavaServer Pages (JSP) code as well as to protect sensitive system resources from inadvertent access. For example, the following command is noncompliant with this guideline: java LocalJavaApp

Define custom security permissions for fine-grained security.

Sometimes, stronger restrictions than those provided by the default security manager are necessary. Failure to provide custom permissions when no corresponding default permissions exist can lead to privilege escalation vulnerabilities that enable untrusted callers to execute restricted operations or actions. This addresses the principle of granting least privilege access. For example, the following code is compliant with this guideline

Other guidelines include

  • Store passwords using hash functions
  • Don’t use weak or insecure cryptographic algorithms
  • Provide sensitive mutable classes with unmodifiable wrappers
  • Don’t use Object.equals() to compare cryptographic keys

6.0 REFERENCES

[1] Gilman, Lara and Joyce, Michael. Managing the Risk of Fraud in Mobile Money. GSMA: Mobile Money for Unbanked (MMU). 2012.
[2] Chong, M.K. Security of Mobile Banking: Secure SMS banking. Data Network Architectures Group. University of Cape Town, South Africa, 2006.
[3] ITU. The Mobile Money Revolution Part 2: Financial Inclusion Enabler. ITU-T Technology Watch Report. May 2013.
