Why banks prohibit use of mobile phones in banking halls

Smartphones and other devices can be used to attack a bank. How, you ask?

Cyber criminals know they can get much greater benefits without needing to expose themselves by attacking banks remotely.

JUST WONDERING…
Why do banks prohibit use of mobile phones in banking halls? — Joshua K. Njenga (@JKNjenga), March 27, 2019

The use of cell phones has been exploited for illicit activities in banking halls and that is why it remains strictly forbidden to use cell phones in banking halls.

Once an attacker has established that there is nothing they can do through the WiFi network, they will probably use their smartphone for other purposes.

One of the simplest ways, but one which is very useful for gathering information, consists of using the camera of the smartphone to take photos and videos of anything that might be of interest to the attacker.

Images showing which software the employees use, which ports are used on employee PCs when serving customers, which network outlets might be accessible, and identification plates, or even footage of when and how the security guards change shift, can all be very useful for someone planning a future attack.

Furthermore, if the device has Near-field communication (NFC) capabilities, the attacker can try their luck and see if they can capture the data from any staff ID card which might give them access to restricted areas used only by employees.

This would be risky when it comes to actually entering the area, but it wouldn’t be the first time somebody tried it.

Moving on to more specialized types of devices, one kind available is known as a “WiFi Pineapple”, which the attacker can use to create a fake access point and see if any employees try to connect to it.

They would then monitor their connections and try to capture passwords for accessing the bank’s internal systems.
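For the bank's defenders, the counterpart to this is checking Wi-Fi scan results against an inventory of the branch's real access points. The sketch below is an added example, not part of the original article; the SSID, BSSIDs, inventory and scan rows are all constructed assumptions.

```python
# Added example: flag possible rogue ("evil twin") access points in a Wi-Fi scan.
# All SSIDs, BSSIDs and scan rows below are constructed sample data.

CORP_SSID = "BankStaff"                      # hypothetical corporate SSID
AUTHORIZED = {                               # hypothetical AP inventory: BSSID -> security
    "aa:bb:cc:00:00:01": "WPA2-Enterprise",
    "aa:bb:cc:00:00:02": "WPA2-Enterprise",
}

def normalize(ssid):
    """Fold case, separators and common look-alike characters for SSID comparison."""
    table = str.maketrans({"0": "o", "1": "l", "-": "", "_": "", " ": ""})
    return ssid.lower().translate(table)

def find_rogue_aps(scan, corp_ssid=CORP_SSID, authorized=AUTHORIZED):
    """Return (bssid, reason) pairs for scan rows that imitate the corporate network."""
    findings = []
    for ap in scan:
        bssid = ap["bssid"].lower()
        if ap["ssid"] == corp_ssid:
            if bssid not in authorized:
                # Someone else is broadcasting the staff network name.
                findings.append((bssid, "corporate SSID from unknown BSSID"))
            elif ap["security"] != authorized[bssid]:
                # A cloned BSSID usually cannot reproduce enterprise authentication.
                findings.append((bssid, "known BSSID with changed security"))
        elif normalize(ap["ssid"]) == normalize(corp_ssid):
            findings.append((bssid, "look-alike SSID"))
    return findings

SAMPLE_SCAN = [  # constructed scan rows
    {"ssid": "BankStaff", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2-Enterprise"},
    {"ssid": "BankStaff", "bssid": "de:ad:be:ef:00:01", "security": "Open"},
    {"ssid": "BankStaff", "bssid": "aa:bb:cc:00:00:02", "security": "Open"},
    {"ssid": "Bank-Staff", "bssid": "de:ad:be:ef:00:02", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "WPA2-Personal"},
]

if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(SAMPLE_SCAN):
        print(f"ALERT {bssid}: {reason}")
```

The legitimate access point and the unrelated neighbouring network pass; the other three rows are reported with the reason they look suspicious.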

Otherwise, they could pass themselves off as a customer and approach an employee with some kind of query, then take advantage of a moment of carelessness: if the employee’s computer has a free USB port, they can plug in a “Rubber Ducky” device, which then executes the commands necessary to steal as much information as possible.

They could also try to get the computer to download some malicious code from an online archive pre-configured by the attacker, using something like a ready-made payload or one they created themselves.

All of the above involve one major hurdle for the attacker, and that is that they would have to go in person to the actual branch of the bank they want to attack.

The security cameras could be used against them if the video recordings are analyzed after discovering the attack, and for that reason, attacks that manage to infiltrate banks’ and other companies’ corporate networks tend to be executed remotely.
