You’d think the app available from your bank would be secure. Though some prefer to use third party financial apps like Mint, the app on offer from your financial institution is believed to be the more secure option. According to a new study, that’s not the case. About 90% of all banking apps were found to be compromised, possibly allowing hackers access to your accounts and information.
Sadly, Sanchez also found that in most cases (70% of the time), the banks have no alternative authentication. Even log files, such as crash reports, logged sensitive information that could be used for zero-day exploits. Perhaps most troubling, Sanchez reports “Internal functionality exposed via plaintext connections (HTTP) could allow an attacker with access to the network traffic to intercept or tamper with data.Moreover, 20% of the apps sent activation codes for accounts though plainttext communication (HTTP).”
Though the testing was done via iOS, this affects all of us. While there may be backend stopgaps via your bank to thwart nefarious activity, the fact that the apps are so insecure is concerning. You trust your banking institution with your money. You should be confident they are handling your information correctly, too.