90% of mobile banking apps have security problems
Sanchez tested 40 of the world's 60 "most influential banks" and found that some mobile banking apps allowed crooks to devise forms for phishing. In other words, you could receive an official-looking email that appears to come from the bank, asking you for personal information. But instead of going to the bank, the information goes to criminals who use it for evil purposes. Amazingly, 70% of the mobile banking apps did not have an alternate method of authentication, which could help guard against impersonation of customers.
Most of the apps can easily disclose your authentication information through the Apple system log. With an iPhone Configuration Utility tool, this information can come tumbling out of an application dump. Nice, huh? And 20% of the apps sent out security codes through plaintext communication, heightening the possibility that confidential information could be intercepted and used to drain your account. Some banks are using an unencrypted database to store your confidential information.
Hopefully the financial institutions look at the report and make the necessary changes. Look at what happened to Snapchat when it didn't listen to a security expert. Right now, using a mobile banking app would appear to be akin to playing Russian Roulette with your money.
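A defender-side check for two of the findings above (authentication data written to the device log, security codes sent in plaintext), added here as an example and not taken from the IOActive report or the original article: it scans exported app log text for credential-looking values and for sensitive parameters on http:// URLs. The log lines, the app name ExampleBank, the host and the key list are constructed assumptions.

```python
import re

# Constructed sample lines in the style of a device console log (not real output).
SAMPLE_LOG = """\
Jan 10 09:14:02 iPhone ExampleBank[412] <Notice>: Login view loaded
Jan 10 09:14:09 iPhone ExampleBank[412] <Debug>: POST /login user=jdoe&password=Hunter2!&device=ios
Jan 10 09:14:10 iPhone ExampleBank[412] <Debug>: Authorization: Bearer eyJhbGciOi.constructed.token
Jan 10 09:14:15 iPhone ExampleBank[412] <Debug>: GET http://api.bank.example/otp?code=493027
Jan 10 09:14:20 iPhone ExampleBank[412] <Notice>: Balance refreshed (3 accounts)
"""

# Assumed list of key names that indicate a secret; extend it for the app under test.
SENSITIVE_KEYS = r"(?:password|passwd|pwd|pin|otp|code|token|session(?:id)?|secret)"
RULES = [
    # key=value or key: value pairs whose key names a credential
    ("credential-in-log", re.compile(rf"\b({SENSITIVE_KEYS})\s*[=:]\s*([^\s&\"']+)", re.I)),
    # HTTP auth headers echoed into the log
    ("auth-header-in-log", re.compile(r"\b(Authorization)\s*:\s*((?:Bearer|Basic)\s+\S+)", re.I)),
]
PLAINTEXT_URL = re.compile(r"\bhttp://\S+", re.I)


def redact(value):
    """Keep enough to locate the leak without copying the secret into the report."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan(log_text):
    """Return (line_no, rule, key, redacted_value) for every finding."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                findings.append((line_no, rule, m.group(1).lower(), redact(m.group(2))))
        for url in PLAINTEXT_URL.findall(line):
            # A sensitive parameter on an http:// URL is also exposed on the network.
            if re.search(rf"[?&]{SENSITIVE_KEYS}=", url, re.I):
                findings.append((line_no, "sensitive-param-over-http", "url", url.split("?")[0]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against logs captured from a test build, any finding means the app is writing secrets where other tools on the device can read them, or sending them without TLS.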
source: IOActive via BGR
10. joey_sfb (Posts: 2899; Member since: 29 Mar 2012)
All my local banks use 2-factor authentication. Data is transmitted and stored in encrypted form. It's a requirement spelled out by our local financial authority, so every bank has to follow it.
Both iOS and Android must comply before they can launch their apps.
2. InspectorGadget80 (Posts: 6429; Member since: 26 Mar 2011)
I never use mobile apps to buy items or pay bills; it's not reliable no matter what company it's under. Apps never have tight security.
6. Augustine (Posts: 712; Member since: 28 Sep 2013)
I always avoid them too. As a software engineer, I wouldn't trust accessing my bank account from a mobile device to a programmer.
9. Jayshmay (Posts: 65; Member since: 27 Mar 2011)
People who fall for phishing are stupid. First of all, an email from your bank will have either your name or the last 4 of your acct number; a phishing email will just refer to you as "Dear Customer", nothing personal, like the bank would.
12. Droid_X_Doug (Posts: 5745; Member since: 22 Dec 2010)
I am more paranoid than you are. I use my bank's mobile app only to check the balance in the accounts and what has been deposited or payments/debit card activity. I do not enable the app to pay bills or make deposits or transfer funds.
There is no such thing as a completely secure mobile app.
4. axllebeer (Posts: 265; Member since: 05 Apr 2011)
Anyone still banking on a BlackBerry? I know a huge percentage of the world is using Android too. Why was this study limited only to iOS devices?
5. bubbadoes (Posts: 327; Member since: 03 May 2012)
Not surprised at all! Target and Neiman Marcus have all fallen victim to data breaches. What makes you think your cell phone is any different? With all the free wifi hotspots out there, some being havens for identity theft, it is no surprise at all. At least my bank will not hold me liable for any fraudulent charges/activity.
7. Augustine (Posts: 712; Member since: 28 Sep 2013)
Which makes the most common vulnerability, failure to use SSL, all the more egregious. This is by far the easiest thing to have and, since it's neglected by 90% of the apps, it hints at even worse carelessness in the other, more difficult to counter vulnerabilities.
8. DukeX (Posts: 327; Member since: 28 Aug 2013)
You all act like this couldn't happen on a PC. Jeez.
11. Edmund (Posts: 654; Member since: 13 Jul 2012)
Nope. The only solution I would ever use is Internet Explorer