Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Security Holes Found In Mobile Bank Apps

Posted by Soulskill on from the and-you-can-take-that-to-the-uh-nevermind dept.

NeverVotedBush writes with this excerpt from CNet: "A security firm disclosed holes today in mobile apps from Bank of America, USAA, Chase, Wells Fargo and TD Ameritrade, prompting a scramble by most of the companies to update the apps. ... Specifically, viaForensics concluded that: the USAA's Android app stored copies of Web pages a user visited on the phone; TD Ameritrade's iPhone and Android apps were storing the user name in plain text on the phone; Wells Fargo's Android app stored user name, password, and account data in plain text on the phone; Bank of America's Android app saves a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone; and Chase's iPhone app stores the username on a phone if the user chose that option, according to the report. Meanwhile, the iPhone apps from USAA, Bank of America, Wells Fargo, and Vanguard and PayPal's Android app all passed the security tests and were found to be handling data securely."

2 of 107 comments (clear)

  1. Re:Standard Banking Client by Doc+Ruby · · Score: 0, Flamebait

    I've written lots of software for banks, for a good chunk of money.

    While the regulators need changing to truly protect us from banks, we just took a big step backwards this week by putting Republicans back in charge of that legislation. They are busy deregulating again, though the most they'll probably get is monkeywrenching the new regulations. The reason the legislators can't be trusted is because Americans are stupid, and vote for corrupt legislators, even when that's obviously what they're getting.

    Which is why I'd like better tools to protect us from banks. That is the reality. I can tell from your comment that you're not really qualified to give advice on the reality of financial institutions.

    --

    --
    make install -not war

  2. Re:Other apps installed also are of concern by Wovel · · Score: 0, Flamebait

    Really you got your Paypal login information stolen by a sniffer App on a non-jailbroken iPhone. Where was the news story? (I am serious). Oh right there isn't one because you are not telling the truth. Either A: You jailbroke your iPhone and installed a bunch of random crap and then decided it was a good idea to use it for financial transactions too or B. You are full of shit. I vote B...