480931

New Report Suggests That Most Banking Apps May Be Less Secure Than You Think

January 14, 2014 - Written By Justin Diaz


With all the digital advancements, we are doing more and more from our smartphones than ever before. From reading news and playing games, right down to online shopping and even banking from our mobile devices. While not everyone uses their smartphones and tablets for these purposes, many people do. Despite your banking establishment of choice’s reassurances that banking from your mobile is safer than ever, (which in some cases may be true) a new report suggests otherwise, claiming that 9 out of 10 banking apps actually share information. This study by IOActive Labs Research reveals that 90% of all banking apps had been found compromised in some way, making it possible for hackers and would-be evil doers to get access to your information. This is the last thing you’d expect from the official dedicated app of your bank.

To get at this information, Ariel Sanchez of IOActive Labs apparently had to test 40 of the most popular used banking apps, all of which were chosen as 40 out of “60 of the worlds top most influential banks.” says Sanchez. What was interesting when going through the testing of these apps, is that Sanchez found security flaws in the apps 9 out of 10 times ranging from a false HTML form to be generated, to javascript hacking. In addition to those flaws, Sanchez points out that the banks in most situations didn’t have any sort of alternative for the authentication process, about 70% of the time to be exact. The worst thing Sanchez says was a statement that:

“Internal functionality exposed via plaintext connections (HTTP) could allow an attacker with access to the network traffic to intercept or tamper with data.Moreover, 20% of the apps sent activation codes for accounts though plainttext communication (HTTP).”

It’s worth noting that the tests were done via iOS apps, but IOActive Labs mentions it affects everyone, whether on iOS or Android. It’s certainly troubling to find out that the bank that you use may be among those whose apps were tested and had been found to have significant security flaws. Hopefully those particular banks will be doing some revisions of the security protocols and authentications to make the use of the apps more secure. Do you do banking or any sort of transactions with your bank through a mobile app? If so will you continue knowing this information? Let us know what you think in the comments.