90% of mobile banking apps have security problems

Do you use the mobile app offered by your bank to make deposits or to handle other transactions? You might not be so eager to use it next time after hearing about the results of a recent study. Ariel Sanchez of IOActive Labs used his Apple iPhone and Apple iPad to test out mobile banking apps, and found that 9 out of 10 have a security problem. When dealing with your money, those are not the odds that you want to see.

Sanchez tested 40 of the world's 60 "most influential banks" and found that some mobile banking apps allowed crooks to devise forms for phishing. In other words, you could receive an email that looks like an official message from the bank, asking you for personal information. But instead of going to the bank, the information you give goes to criminals, who use it for evil purposes. Amazingly, 70% of the mobile banking apps did not have an alternate method of authentication which could help guard against impersonation of customers.

Most of the apps can easily disclose your authentication information through the Apple system log. Using an iPhone Configuration Utility tool, this information can come tumbling out of an application dump. Nice, huh? And 20% of the apps sent out security codes through plaintext communication, heightening the possibility that confidential information could be intercepted and used to drain your account. Some banks are using an unencrypted database to store your confidential information.

Hopefully the financial institutions look at the report and make the necessary changes. Look at what happened to Snapchat when it didn't listen to a security expert. Right now, using a mobile banking app would appear to be akin to playing Russian Roulette with your money.

source: IOActive via BGR



1. Jommick

Posts: 221; Member since: Sep 10, 2013

What about Android banking apps?

10. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

All my local banks use two-factor authentication. Data is transmitted and stored in encrypted form. It's a requirement spelled out by our local financial authority, so every bank has to follow it. Both iOS and Android must comply before they can launch their apps.

2. InspectorGadget80 unregistered

I never use mobile apps to buy items or pay bills. It's not reliable no matter what company it's under. Apps never have tight security.

6. Augustine

Posts: 1043; Member since: Sep 28, 2013

I always avoid them too. As a software engineer, I wouldn't trust accessing my bank account from a mobile device to a programmer.

9. Jayshmay

Posts: 82; Member since: Mar 27, 2011

People who fall for phishing are stupid. First of all, an email from your bank will have either your name or the last 4 of your acct number; a phishing email will just refer to you as "Dear Customer", nothing personal like the bank would.

12. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

I am more paranoid than you are. I use my bank's mobile app only to check the balance in the accounts and what has been deposited or payments/debit card activity. I do not enable the app to pay bills or make deposits or transfer funds. There is no such thing as a completely secure mobile app.

3. Aplusk

Posts: 120; Member since: Nov 10, 2013

That's not good news.

4. axllebeer

Posts: 272; Member since: Apr 05, 2011

Anyone still banking on a BlackBerry? I know a huge percentage of the world is using Android too. Why was this study limited only to iOS devices?

5. bubbadoes

Posts: 1225; Member since: May 03, 2012

Not surprised at all! Target and Neiman Marcus have both fallen victim to data breaches. What makes you think your cell phone is any different? With all the free Wi-Fi hotspots out there, some being havens for identity theft, it is no surprise at all. At least my bank will not hold me liable for any fraudulent charges/activity.

7. Augustine

Posts: 1043; Member since: Sep 28, 2013

Which makes the most common vulnerability, failure to use SSL, all the more egregious. This is by far the easiest thing to have and, since it's neglected by 90% of the apps, it hints at even worse carelessness in the other, more difficult to counter vulnerabilities.

8. DukeX

Posts: 327; Member since: Aug 28, 2013

You all act like this couldn't happen on a PC. Jeez.

11. Edmund

Posts: 656; Member since: Jul 13, 2012

Nope. The only solution I would ever use is Internet Explorer
