Apps

90% of mobile banking apps have security problems

Ivaylo Ivanov posted by Ivaylo Ivanov   /  Jan 14, 2014, 11:34 AM
90% of mobile banking apps have security problems
Do you use the mobile app offered by your bank to make deposits or to handle other transactions? You might not be so eager to use it next time after hearing about the results of a recent study. Ariel Sanchez of  IO Active Labs used his Apple iPhone and Apple iPad to test out mobile banking apps, and found that 9 out of 10 have a security problem. When dealing with your money, those are not the odds that you want to see.

Sanchez tested 40 of the world's 60 "most influential banks" and found that some mobile banking apps allowed crooks to devise forms for phishing. In other words, you could receive an email from the bank that looks official, asking you for personal information. But instead of going to the bank, the info goes to criminals using the information you give them for evil purposes. Amazingly, 70% of the mobile banking apps did not have an alternate method of authentication which could help guard against impersonation of customers.

Most of the apps can easily disclose your authentication information through the Apple system log. Using an iPhone Configuration Utility tool, this information can come tumbling out of an application dump. Nice, huh? And 20% of the apps sent out security codes through plaintext communication heightening the possibility that confidential information could be intercepted and used to drain your account. Some banks are using an unencrypted database to store your confidential information.

Hopefully the financial institutions look at the report and make the necessary changes. Look at what happened to Snapchat when it didn't listen to a security expert. Right now, using a mobile banking app would appear to be akin to playing Russian Roulette with your money.

9 out of 10 mobile banking apps have security holes

Some mobile banking apps make it easy for criminals to phish for your personal information
The security problems found on many banking apps The security problems found on many banking apps

source: IOActive via BGR

FEATURED VIDEO

Options

12 Comments

Jommick
Reply

1. Jommick

Posts: 221; Member since: Sep 10, 2013

What about Android banking apps?

posted on Jan 14, 2014, 12:07 PM

joey_sfb
Reply

10. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

All my local banks use 2 factors authentication, Data are transmitted and store in encrypted form. Its a requirement spell out by our local financial authority, so every banks has to follow. Both iOS and Android must comply before they can launch their apps.

posted on Jan 14, 2014, 5:52 PM

InspectorGadget80 unregistered
Reply

2. InspectorGadget80 unregistered

I never use mobile apps to buy items or pay bills it's not realible no matter what company is under. Apps never have tight security

posted on Jan 14, 2014, 12:23 PM

Augustine
Reply

6. Augustine

Posts: 1043; Member since: Sep 28, 2013

I always avoid them too. As a software engineer, I wouldn't trust accessing my bank account from a mobile device to a programmer.

posted on Jan 14, 2014, 2:25 PM

Jayshmay
Reply

9. Jayshmay

Posts: 82; Member since: Mar 27, 2011

People who fall for phishing are stupid, first of all an email from your bank will have either your name, or the last 4 of your acct number, a phishing email will just refer to you as "Dear Customer" nothing personal, like the bank would.

posted on Jan 14, 2014, 3:21 PM

Droid_X_Doug
Reply

12. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

I am more paranoid than you are. I use my bank's mobile app only to check the balance in the accounts and what has been deposited or payments/debit card activity. I do not enable the app to pay bills or make deposits or transfer funds. There is no such thing as a completely secure mobile app.

posted on Jan 15, 2014, 12:21 AM

Aplusk
Reply

3. Aplusk

Posts: 120; Member since: Nov 10, 2013

thats not a good news.

posted on Jan 14, 2014, 12:26 PM

axllebeer
Reply

4. axllebeer

Posts: 271; Member since: Apr 05, 2011

Anyone still banking on a BlackBerry? I know a huge percentage of the world is using Android too. Why was this study limited only to iOS devices?

posted on Jan 14, 2014, 12:34 PM

bubbadoes
Reply

5. bubbadoes

Posts: 1225; Member since: May 03, 2012

Not surprised at all! Target and Neiman Marcus have all fell victims to data breaches. What makes you think your cell phone is any different. With all the free wifi hotspots out there, some being havens for identity theft is no surprise at all. At least my bank will not hold me liable for any fraudulent charges/activity.

posted on Jan 14, 2014, 1:18 PM

Augustine
Reply

7. Augustine

Posts: 1043; Member since: Sep 28, 2013

Which makes the most common vulnerability, failure to use SSL, all the more egregious. This is by far the easiest thing to have and, since it's neglected by 90% of the apps, it hints at even worse carelessness in the other, more difficult to counter vulnerabilities.

posted on Jan 14, 2014, 2:27 PM

DukeX
Reply

8. DukeX

Posts: 327; Member since: Aug 28, 2013

You all act like this couldn't happen on a pc. Jeez

posted on Jan 14, 2014, 2:31 PM

Edmund
Reply

11. Edmund

Posts: 656; Member since: Jul 13, 2012

Nope. The only solution I would ever use is Internet Explorer

posted on Jan 14, 2014, 8:12 PM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

FCC-close-to-approving-T-Mobile-Sprint-merger
FCC Chairman Pai recommends approval of T-Mobile-Sprint Merger
The-Flagship-Killer-is-dead.-Long-live-the-new-OnePlus
The Flagship Killer is dead. Long live the new OnePlus
will-Apple-Samsung-counter-Pixel-3a-flagship-camera
What could be Apple and Samsung’s answer to the Pixel 3a?
Google-will-reportedly-stop-offering-Android-updates-to-Huawei-phones
Google is reportedly about to deliver a knockout blow to Huawei
Samsung-Galaxy-Note-10-Pro-design-camera-leak
Huge Galaxy Note 10/Pro leak points towards major design changes
sprint-first-5g-devices-lg-v50-thinq-htc-5g-hub-release-date-prices-deals
Sprint's first 5G devices get a release date and some killer introductory deals
Samsung-Galaxy-S10-5G-Verizon-launch-deal
Samsung Galaxy S10 5G now available at Verizon, save up to $650
Google-Pixel-4-XL-5G-design-specs-camera-price-release-date
Google Pixel 4 and Pixel 4 XL rumor review: Design, specs, camera, price and release date

Popular stories

Google-Pixel-4-no-physical-buttons-features-leak
New Google Pixel 4 leak suggests massive change is coming
Samsung-Galaxy-Note-10-Pro-display-aspect-ratio-benchmark
The latest Galaxy Note 10 Pro leak just verified an important feature
moto-g7-power-big-battery-4gb-ram-woot-deal
Killer new deal brings the unlocked Moto G7 Power with 4GB RAM down to $200
moto-z2-play-verizon-best-buy-deal-activation-monthly-installments
Verizon customers can get the Moto Z2 Play for $1 a month or $24 total at Best Buy
OnePlus-7-Pro-prices-promo-poster
These are the OnePlus 7/Pro retail prices, and a new features promo
unlocked-moto-e5-play-woot-deal-crazy-low-price
Unlocked Moto E5 Play drops to an irresistible $49.99 at Woot for one day only
Asus-ZenFone-6-features-specs-price
Asus ZenFone 6 is official: motorized camera, Snapdragon 855, $499
Samsung-Galaxy-Note-10-Pro-design-camera-leak
Huge Galaxy Note 10/Pro leak points towards major design changes

Hot phones

Latest Stories

View more
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.