Provides an embedded security library for native mobile web applications
Old techniques, new channel:
Mobile threat landscape is rapidly evolving
IBM® Security Trusteer® Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms. The library can be embedded in proprietary mobile banking and e-commerce applications to detect compromised and vulnerable devices and generate persistent device IDs.
IBM Security Trusteer Mobile SDK delivers:
- High-risk access detection from compromised or vulnerable mobile devices.
- A persistent mobile device ID that is generated based on hardware and software attributes and is resilient to application reinstallation.
- Augmented certificate authority security to detect and block many kinds of man-in-the-middle attacks.
- Enhanced active protection for rooted mobile devices that helps prevent attacks by cybercriminals.
High-risk access detection
- Collects device risk factors when the mobile application is opened.
- Provides risk data to the mobile banking applications, which can be used to restrict functionality based on the device risk level.
- Offers the ability to limit specific application functions, such as adding a payee or transferring money on a rooted or jailbroken device.
- Provides the ability to correlate risk data with additional device and account risk factors, such as malware infections, to flag high-risk access and transactions.
- Identifies a wide range of data, including risk data (jailbreak/rooting, financial malware, operating system patching); device data (persistent device ID, WiFi connection, SIM data); account data (user ID) and encrypted bank data (session ID).
A persistent mobile device ID
- Allows organizations to distinctly identify any device using the native mobile banking application.
- Is associated with the user account and identifies the device, even after the phone is reimaged.
- Helps verify that new devices are identified, login attempts from known devices are unchallenged and potential fraudster devices are flagged.
Augmented certificate authority security
- Provides Certificate Pinning, also known as SSL Pinning.
- Obtains the server certificate and checks it against the trusted validation data.
- Bundles the validation data with the application in the form of a trusted copy of that certificate.
- Delivers the validation data in a trusted hash or fingerprint of that certificate or the public key of the certificate.
Enhanced active protection
- Protects the Android rooting process that can provide attackers with additional privileges on the operating system, enabling different attack vectors.
- Allows detection of root evasion techniques on Android devices such as root hiders and active hiding techniques.
IBM Security Trusteer Mobile SDK Resources