Report: Many Banks' Web Apps & Sites Are Very Insecure

Cybersecurity firm Positive Technologies created a crude AI program to put the security of a number of banks' web apps and websites to the test, and found that almost all of them can fall prey to some fairly simple vulnerabilities, leaving the portal to customers' account information quite insecure. Taken across the full set of tested vulnerabilities, the entire test set was found to be at risk. No one exploit or vulnerability worked across all of the tested sites and apps, but the overlap in some cases was overwhelming. Cross-site scripting (XSS) attacks, for example, could affect 80 percent of all tested sites and apps in the survey set. It is worth noting that Positive Technologies did not name the banks that it tested.

The AI program made by Positive Technologies was not particularly smart; it was made to simply run preset vulnerability tests on banks' web presences, then gather as much data as possible on how each exploit impacted the system and what data could be accessed. Many of the key types of attacks that the tested banks were found vulnerable to had one of two common threads: they could be used to compromise entire servers and harvest raw data, hopefully encrypted, for later use, or they could modify a site to pass users' information on to attackers. In short, this means that the tested banks could fall victim to a massive data breach at just about any time, should an enterprising hacker find a creative use for the data that would be gleaned. These banks' online presences could also, at any time, be surreptitiously hijacked to pass user information on to attackers without the users' or the banks' knowledge.

Cybersecurity as it pertains to banks, government entities, and other mission-critical use cases is always improving. Even so, basic and old vulnerabilities can stick around for a long time due to how difficult it would be to roll out systemwide fixes for them without potentially compromising or destroying sensitive data, and that seems to be the case with the tested banks in this data set. In the end, all consumers can do in this case is watch their accounts for suspicious activity, and employ a high degree of vigilance when banking online.

Copyright ©2019 Android Headlines. All Rights Reserved
About the Author

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world.