Apps

90% of mobile banking apps have security problems

Ivaylo Ivanov posted by Ivaylo Ivanov   /  Jan 14, 2014, 11:34 AM
90% of mobile banking apps have security problems
Do you use the mobile app offered by your bank to make deposits or to handle other transactions? You might not be so eager to use it next time after hearing about the results of a recent study. Ariel Sanchez of  IO Active Labs used his Apple iPhone and Apple iPad to test out mobile banking apps, and found that 9 out of 10 have a security problem. When dealing with your money, those are not the odds that you want to see.

Sanchez tested 40 of the world's 60 "most influential banks" and found that some mobile banking apps allowed crooks to devise forms for phishing. In other words, you could receive an email from the bank that looks official, asking you for personal information. But instead of going to the bank, the info goes to criminals using the information you give them for evil purposes. Amazingly, 70% of the mobile banking apps did not have an alternate method of authentication which could help guard against impersonation of customers.

Most of the apps can easily disclose your authentication information through the Apple system log. Using an iPhone Configuration Utility tool, this information can come tumbling out of an application dump. Nice, huh? And 20% of the apps sent out security codes through plaintext communication heightening the possibility that confidential information could be intercepted and used to drain your account. Some banks are using an unencrypted database to store your confidential information.

Hopefully the financial institutions look at the report and make the necessary changes. Look at what happened to Snapchat when it didn't listen to a security expert. Right now, using a mobile banking app would appear to be akin to playing Russian Roulette with your money.


source: IOActive via BGR

FEATURED VIDEO

Options

12 Comments

Jommick
Reply

1. Jommick

Posts: 221; Member since: Sep 10, 2013

What about Android banking apps?

posted on Jan 14, 2014, 12:07 PM

joey_sfb
Reply

10. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

All my local banks use 2 factors authentication, Data are transmitted and store in encrypted form. Its a requirement spell out by our local financial authority, so every banks has to follow. Both iOS and Android must comply before they can launch their apps.

posted on Jan 14, 2014, 5:52 PM

InspectorGadget80 unregistered
Reply

2. InspectorGadget80 unregistered

I never use mobile apps to buy items or pay bills it's not realible no matter what company is under. Apps never have tight security

posted on Jan 14, 2014, 12:23 PM

Augustine
Reply

6. Augustine

Posts: 1043; Member since: Sep 28, 2013

I always avoid them too. As a software engineer, I wouldn't trust accessing my bank account from a mobile device to a programmer.

posted on Jan 14, 2014, 2:25 PM

Jayshmay
Reply

9. Jayshmay

Posts: 82; Member since: Mar 27, 2011

People who fall for phishing are stupid, first of all an email from your bank will have either your name, or the last 4 of your acct number, a phishing email will just refer to you as "Dear Customer" nothing personal, like the bank would.

posted on Jan 14, 2014, 3:21 PM

Droid_X_Doug
Reply

12. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

I am more paranoid than you are. I use my bank's mobile app only to check the balance in the accounts and what has been deposited or payments/debit card activity. I do not enable the app to pay bills or make deposits or transfer funds. There is no such thing as a completely secure mobile app.

posted on Jan 15, 2014, 12:21 AM

Aplusk
Reply

3. Aplusk

Posts: 120; Member since: Nov 10, 2013

thats not a good news.

posted on Jan 14, 2014, 12:26 PM

axllebeer
Reply

4. axllebeer

Posts: 271; Member since: Apr 05, 2011

Anyone still banking on a BlackBerry? I know a huge percentage of the world is using Android too. Why was this study limited only to iOS devices?

posted on Jan 14, 2014, 12:34 PM

bubbadoes
Reply

5. bubbadoes

Posts: 1225; Member since: May 03, 2012

Not surprised at all! Target and Neiman Marcus have all fell victims to data breaches. What makes you think your cell phone is any different. With all the free wifi hotspots out there, some being havens for identity theft is no surprise at all. At least my bank will not hold me liable for any fraudulent charges/activity.

posted on Jan 14, 2014, 1:18 PM

Augustine
Reply

7. Augustine

Posts: 1043; Member since: Sep 28, 2013

Which makes the most common vulnerability, failure to use SSL, all the more egregious. This is by far the easiest thing to have and, since it's neglected by 90% of the apps, it hints at even worse carelessness in the other, more difficult to counter vulnerabilities.

posted on Jan 14, 2014, 2:27 PM

DukeX
Reply

8. DukeX

Posts: 327; Member since: Aug 28, 2013

You all act like this couldn't happen on a pc. Jeez

posted on Jan 14, 2014, 2:31 PM

Edmund
Reply

11. Edmund

Posts: 656; Member since: Jul 13, 2012

Nope. The only solution I would ever use is Internet Explorer

posted on Jan 14, 2014, 8:12 PM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

OnePlus-7T-renders-design-leak
OnePlus 7T leaks with huge rear camera module, familiar front
Photo-claims-to-show-the-new-Apple-Watch-Series-5
Here's your first look at the Apple Watch Series 5
Samsungs-Galaxy-S10-Android-10-update-One-UI-2.0-new-features-gestures
Android 10 for Galaxy S10 just leaked, see the new navigation gestures applied to OneUI 2.0
can-we-get-Galaxy-Note-with-flat-display
Now that we have two Galaxy Notes, can we get one with a flat display?
OnePlus-7T-Pro-design-leak
Here's what the OnePlus 7T & 7T Pro might look like from the rear
Android-10-name-announced
End of an era: Android's dessert names are no more with Android 10
The-evolution-of-Samsungs-Galaxy-Note-series
Samsung Galaxy Note evolution: what's changed from the very first Note until now
Apple-iPhone-11-Pro-AirPods-3-iPad-Pro-Watch-5-HomePod-report
Apple report details iPhone Pro, AirPods 3, iPad upgrades, much more

Popular stories

All-four-major-U.S.-carriers-are-having-outages
Outages are affecting all four major U.S. carriers
Monday-is-the-last-day-to-enter-T-Mobiles-latest-sweepstakes
Last chance to win one of ten Samsung Galaxy Note 10 phones being given away by T-Mobile
Pixel-4-design-mockup
Mock Google Pixel 4 promo video showcases the new 'dare to be square' camera design
best-buy-moto-g7-power-deal-verizon-installments-new-lines
Best Buy has the Moto G7 Power on sale for less than 20 bucks overall
Motorola-RAZR-2019-Europe-release-price-features-battery
Verizon's foldable Moto RAZR 2019 leak pegs a holiday release, $1500 price, yet ho-hum specs
LG-Stylo-5-T-Mobile-price-features-release-date
The LG Stylo 5 is T-Mobile's newest Android phone
Deal-Google-Pixel-Stand-is-25-off-at-Best-Buy
Deal: Google Pixel Stand is 25% off at Best Buy
Pokemon-GO-Water-Festival-2019
Pokemon GO brings back Water Festival, adds two new Pokemon, raids, bonuses

Hot phones

Latest Stories

View more
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.