Banking apps may not be secure, report shows 9 out of 10 ‘leak info’

http://androidcommunity.com/banking-apps-may-not-be-secure-report-shows-9-out-of-10-leak-info-20140114/

You’d think the app available from your bank would be secure. Though some prefer to use third party financial apps like Mint, the app on offer from your financial institution is believed to be the more secure option. According to a new study, that’s not the case. About 90% of all banking apps were found to be compromised, possibly allowing hackers access to your accounts and information.

Ariel Sanchez of IO active labs took to the apps offered by many top banks and tested for compromises. Tested were 40 apps “from the top 60 most influential banks in the world.” In that testing, Sanchez found that 9 out of 10 times, there were security problems. From JavaScript hacking to a false HTML form to be generated, your bank likely has giant security holes throughout the app you use.

Sadly, Sanchez also found that in most cases (70% of the time), the banks have no alternative authentication. Even log files, such as crash reports, logged sensitive information that could be used for zero-day exploits. Perhaps most troubling, Sanchez reports “Internal functionality exposed via plaintext connections (HTTP) could allow an attacker with access to the network traffic to intercept or tamper with data.Moreover, 20% of the apps sent activation codes for accounts though plainttext communication (HTTP).”

Though the testing was done via iOS, this affects all of us. While there may be backend stopgaps via your bank to thwart nefarious activity, the fact that the apps are so insecure is concerning. You trust your banking institution with your money. You should be confident they are handling your information correctly, too.

Story Timeline

Hackers rake in large bounties for security exploits
SMS security flaw affects Nexus devices, Android 4.3 and 4.4
Android security benefits from culture of openness
Blackberry CEO on bringing security and productivity to Android: ‘We’d love to do it’
Samsung KNOX security solution might not be that secure after all

Sent by gReader Pro

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s