Most of the world’s major banks have serious security flaws in their mobile apps that could put customers, and the banks themselves, at risk from attackers, according to research by IOActive.
IOActive researcher Ariel Sanchez said that he used iPhones and iPads to test 40 home banking apps from financial institutions worldwide.
According to the research, the testing revealed that 90% of the apps contain non-SSL links, allowing an attacker to intercept traffic and inject code that creates a fake login prompt or carries out similar fraud.
Additionally, the research found that half of the apps are prone to JavaScript injections through insecure UIWebView implementations.
In some cases, native iOS functionality is also left exposed, enabling attackers to send SMS messages or e-mails from the victim’s device.
The testing also found that around 40% of the apps do not validate the authenticity of SSL certificates presented, making them vulnerable to man-in-the-middle attacks, while nearly three quarters don’t have multi-factor authentication, which could mitigate the risk of impersonation attacks.
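As an added illustration (not part of IOActive's research or this article), the following Python script triages the output of a `strings`-style dump of an iOS app binary for the three weakness classes the findings describe: cleartext HTTP links, UIWebView use, and TLS trust overrides. The selector patterns are assumed heuristics and the sample strings are constructed; a hit warrants manual review, and no hit does not prove the app is clean.

```python
import re
from collections import defaultdict

HTTP_LINK = re.compile(r"\bhttp://\S+", re.I)
# Cleartext URLs that are identifiers, not network endpoints (XML namespaces, plist DTDs).
IGNORED_HTTP_PREFIXES = ("http://www.w3.org/", "http://www.apple.com/DTDs/")

# Heuristic markers (assumption: what such code typically leaves in a binary's strings).
UIWEBVIEW = re.compile(r"\bUIWebView\b|stringByEvaluatingJavaScriptFromString:")
TRUST_OVERRIDE = re.compile(
    r"setAllowsAnyHTTPSCertificate:forHost:"
    r"|continueWithoutCredentialForAuthenticationChallenge:"
    r"|\bSecTrustSetExceptions\b"
)

def classify(s):
    """Return the issue classes a single extracted string indicates."""
    issues = []
    m = HTTP_LINK.search(s)
    if m and not m.group(0).startswith(IGNORED_HTTP_PREFIXES):
        issues.append("cleartext_http_link")
    if UIWEBVIEW.search(s):
        issues.append("uiwebview_usage")
    if TRUST_OVERRIDE.search(s):
        issues.append("tls_trust_override")
    return issues

def scan_strings(lines):
    """Map issue class -> list of offending strings, for `strings`-style input."""
    hits = defaultdict(list)
    for line in lines:
        s = line.strip()
        for issue in classify(s):
            hits[issue].append(s)
    return dict(hits)

# Constructed sample standing in for the output of `strings BankApp`.
SAMPLE_STRINGS = [
    "https://api.examplebank.test/v1/accounts",
    "http://m.examplebank.test/terms",
    "http://www.w3.org/2001/XMLSchema",
    "UIWebView",
    "stringByEvaluatingJavaScriptFromString:",
    "setAllowsAnyHTTPSCertificate:forHost:",
    "NSURLSession",
]

if __name__ == "__main__":
    for issue, strings in scan_strings(SAMPLE_STRINGS).items():
        print(f"{issue}: {strings}")
```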
IOActive said that it has approached some of the banks about the vulnerabilities, but argues that the entire banking industry needs to take the necessary steps to protect customers.