Most of the world’s major banks have serious security flaws in their mobile apps which could put customers and their respective banks at risk from attackers, according to research by IOActive.
IOActive researcher Ariel Sanchez said that he used iPhones and iPads to test 40 home banking apps from financial institutions worldwide.
According to the research, the testing revealed that 90% of the apps contain non-SSL links, allowing an attacker to intercept traffic and inject code to create a fake login prompt or similar fraud.
Additionally, the research found that half of the apps are prone to JavaScript injections through insecure UIWebView implementations.
In some cases, native iOS functionality is also left exposed, enabling attackers to send SMS or e-mails from the victim’s device.
The testing also found that around 40% of the apps do not validate the authenticity of SSL certificates presented, making them vulnerable to man-in-the-middle attacks, while nearly three quarters don’t have multi-factor authentication, which could mitigate the risk of impersonation attacks.
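The two transport-layer findings above (plain http:// links that an on-path attacker can rewrite, and clients that skip certificate validation) can be checked mechanically during an app review. The script below is an added example, not IOActive's tooling or any bank's code: the endpoint list is constructed, the hostnames are hypothetical, and the audit of a client TLS context uses Python's `ssl` module to show the weak setting next to the corrected one.

```python
"""Audit helpers for the two transport findings: non-SSL links and
clients that do not validate the server certificate.
Added example; the endpoint list below is constructed for illustration."""
import ssl
from urllib.parse import urlparse

# Constructed sample: the kind of endpoint list one would extract from an
# app's configuration or captured traffic during a review (hypothetical hosts).
SAMPLE_ENDPOINTS = [
    "https://login.example-bank.test/api/auth",
    "http://static.example-bank.test/terms.html",
    "https://api.example-bank.test/accounts",
    "http://cdn.example-bank.test/js/widget.js",
    "https://api.example-bank.test/transfer",
]


def find_non_ssl_links(urls):
    """Return the URLs that are not served over TLS.

    Any http:// page loaded into a web view is a place where an on-path
    attacker can alter content, e.g. to present a fake login prompt."""
    return [u for u in urls if urlparse(u).scheme.lower() != "https"]


def non_ssl_ratio(urls):
    """Fraction of endpoints that are plain HTTP (0.0 .. 1.0)."""
    if not urls:
        return 0.0
    return len(find_non_ssl_links(urls)) / len(urls)


def audit_ssl_context(ctx):
    """List the reasons a client ssl.SSLContext would accept a forged certificate.

    A context is only safe when it both verifies the chain (CERT_REQUIRED)
    and checks that the certificate matches the hostname being contacted."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("hostname not checked (check_hostname is False)")
    return problems


def insecure_context():
    """The weak setting: the pattern behind 'does not validate the authenticity
    of SSL certificates'. Built here only so the audit has something to flag.
    check_hostname must be disabled before verify_mode can be set to CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context():
    """The corrected setting: the default context loads the system trust store,
    requires a valid chain and enforces hostname matching."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for u in find_non_ssl_links(SAMPLE_ENDPOINTS):
        print("non-SSL link:", u)
    print("non-SSL ratio:", non_ssl_ratio(SAMPLE_ENDPOINTS))
    print("insecure context:", audit_ssl_context(insecure_context()))
    print("secure context:", audit_ssl_context(secure_context()))
```

Running it prints the two plain-HTTP endpoints from the constructed list, reports both defects for the insecure context, and reports none for the default context; the same `audit_ssl_context` check can be dropped into a test suite to stop a verify-disabled context from reaching production.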

IOActive said that it has approached some of the banks about the vulnerabilities, but argues that the necessary efforts need to be taken up by the entire banking industry to protect customers.