IBM® Trusteer® Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms. The library can be embedded in proprietary mobile banking and e-commerce applications to detect compromised and vulnerable devices and generate persistent device IDs.
IBM Trusteer Mobile SDK delivers:
- High-risk access detection from compromised or vulnerable mobile devices
- A persistent mobile device ID that is generated based on hardware and software attributes and is resilient to application reinstallation
- Augmented certificate authority security to detect and block many kinds of man-in-the-middle attacks
- Enhanced active protection for rooted mobile devices that helps prevent attacks by cybercriminals
High-risk access detection
- Collects device risk factors when the mobile application is opened
- Provides risk data to the mobile banking applications, which can be used to restrict functionality based on the device risk level
- Offers the ability to limit specific application functions, such as adding a payee or transferring money on a rooted or jailbroken device
- Provides the ability to correlate risk data with additional device and account risk factors, such as malware infections, to flag high-risk access and transactions
- Identifies a wide range of data, including risk data (jailbreak/rooting, financial malware, operating system patching); device data (persistent device ID, WiFi connection, SIM data); account data (user ID) and encrypted bank data (session ID)
A persistent mobile device ID
- Allows organizations to distinctly identify any device using the native mobile banking application
- Is associated with the user account and identifies the device, even after the phone is reimaged
- Helps verify that new devices are identified, login attempts from known devices are unchallenged and potential fraudster devices are flagged
Augmented certificate authority security
- Provides Certificate Pinning, also known as SSL Pinning
- Obtains the server certificate and checks it against the trusted validation data
- Bundles the validation data with the application in the form of a trusted copy of that certificate
- Delivers the validation data in a trusted hash or fingerprint of that certificate or the public key of the certificate
Enhanced active protection
- Protects the Android rooting process that can provide attackers with additional privileges on the operating system, enabling different attack vectors
- Allows detection of root evasion techniques on Android devices such as root hiders and active hiding techniques