iOS banking apps' security posture has improved since 2013, but problems still remain
A well-known security consultant recently stated that the security of mobile banking apps has improved over the last two years, but there is still scope for improvement. The research covered 30+ mobile banking apps for iOS in use around the world and was confined to client-side security weaknesses and vulnerabilities; it did not include any server-side testing. His findings are an eye-opener:
- 5 apps failed to validate the authenticity of the SSL certificates presented by the server, making them susceptible to Man-in-the-Middle (MiTM) attacks.
- 15% of the apps store unencrypted sensitive information, such as details of customers' bank accounts and transaction history, in the file system in SQLite databases or other plaintext files.
- Most apps rely simply on a username and password for authentication. Only 40% of the apps provided alternative authentication solutions to mitigate the risk of leaked user credentials and impersonation attacks.
One improvement noticeable across all apps was increased transport security: properly validating SSL certificates or removing plaintext traffic helps mitigate the risk of users being exposed to MiTM attacks.
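As an added illustration (not code from the consultant's report or from any of the tested apps), the Swift URLSession delegate below shows the server-trust handling that the improved apps are credited with, with the weak "accept any certificate" pattern left in a comment for contrast. The class name `BankSessionDelegate` and the bundled pinned certificate `bank-api-leaf.der` are assumptions.

```swift
import Foundation
import Security

/// Hypothetical banking-app session delegate that validates the server's TLS chain
/// and additionally pins the leaf certificate to a copy bundled with the app.
final class BankSessionDelegate: NSObject, URLSessionDelegate {

    /// Assumed name of the DER-encoded leaf certificate shipped in the app bundle.
    private let pinnedCertName = "bank-api-leaf"

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only handle server-trust challenges; let the system deal with anything else.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let serverTrust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // WEAK pattern (the MiTM exposure described above): trusting whatever the server
        // sent without evaluating the chain. Kept here only for contrast, never ship it.
        // completionHandler(.useCredential, URLCredential(trust: serverTrust))

        // 1. Evaluate the chain against the device trust store using the hostname policy
        //    URLSession already attached to the trust object. Expired, self-signed or
        //    wrong-host certificates fail here and the connection is cancelled.
        var evalError: CFError?
        guard SecTrustEvaluateWithError(serverTrust, &evalError) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // 2. Pin the leaf certificate to the bundled copy so that a certificate issued
        //    by any other CA (even a publicly trusted one) is also rejected.
        guard let pinnedURL = Bundle.main.url(forResource: pinnedCertName, withExtension: "der"),
              let pinnedData = try? Data(contentsOf: pinnedURL),
              let chain = SecTrustCopyCertificateChain(serverTrust) as? [SecCertificate],
              let leaf = chain.first,
              SecCertificateCopyData(leaf) as Data == pinnedData else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        completionHandler(.useCredential, URLCredential(trust: serverTrust))
    }
}

// Usage: all requests made through this session go through the checks above.
let bankSession = URLSession(configuration: .default, delegate: BankSessionDelegate(), delegateQueue: nil)
```

Pinning means the bundled certificate must be rotated with an app update before the server's certificate expires, so pin the key or a longer-lived intermediate if that cadence is impractical.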
The conclusion was that although security has improved over the past couple of years, many apps still remain vulnerable.
Authored by Hussain Ali Ladha