90% of mobile banking apps have security problems

Do you use the mobile app offered by your bank to make deposits or to handle other transactions? You might not be so eager to use it next time after hearing about the results of a recent study. Ariel Sanchez of  IO Active Labs used his Apple iPhone and Apple iPad to test out mobile banking apps, and found that 9 out of 10 have a security problem. When dealing with your money, those are not the odds that you want to see.

Sanchez tested 40 of the world's 60 "most influential banks" and found that some mobile banking apps allowed crooks to devise forms for phishing. In other words, you could receive an email from the bank that looks official, asking you for personal information. But instead of going to the bank, the info goes to criminals using the information you give them for evil purposes. Amazingly, 70% of the mobile banking apps did not have an alternate method of authentication which could help guard against impersonation of customers.

Most of the apps can easily disclose your authentication information through the Apple system log. Using an iPhone Configuration Utility tool, this information can come tumbling out of an application dump. Nice, huh? And 20% of the apps sent out security codes through plaintext communication heightening the possibility that confidential information could be intercepted and used to drain your account. Some banks are using an unencrypted database to store your confidential information.

Hopefully the financial institutions look at the report and make the necessary changes. Look at what happened to Snapchat when it didn't listen to a security expert. Right now, using a mobile banking app would appear to be akin to playing Russian Roulette with your money.


source: IOActive via BGR