You’d think the app available from your bank would be secure. Though some prefer to use third-party financial apps like Mint, the app on offer from your financial institution is believed to be the more secure option. According to a new study, that’s not the case. About 90% of all banking apps were found to be compromised, possibly allowing hackers access to your accounts and information.
Ariel Sanchez of IOActive Labs examined the apps offered by many top banks and tested them for compromises. He tested 40 apps “from the top 60 most influential banks in the world.” In that testing, Sanchez found security problems 9 out of 10 times. From JavaScript hacking to the generation of a false HTML form, your bank likely has giant security holes throughout the app you use.
Sadly, Sanchez also found that in most cases (70% of the time), the banks have no alternative authentication. Even log files, such as crash reports, logged sensitive information that could be used for zero-day exploits. Perhaps most troubling, Sanchez reports, “Internal functionality exposed via plaintext connections (HTTP) could allow an attacker with access to the network traffic to intercept or tamper with data. Moreover, 20% of the apps sent activation codes for accounts through plaintext communication (HTTP).”
Though the testing was done via iOS, this affects all of us. While there may be backend stopgaps via your bank to thwart nefarious activity, the fact that the apps are so insecure is concerning. You trust your banking institution with your money. You should be confident they are handling your information correctly, too.
I’d like to see an actual list of suspect apps.
And watch them all crash an hour later?