Mobile Banking Apps For iOS Woefully Insecure

Posted by Soulskill on Friday January 10, 2014 @11:06AM from the raise-your-hand-if-you're-surprised dept.

msm1267 writes "Mobile banking applications fall short on their use of encryption, validation of digital certificates and two-factor authentication, putting financial transactions at risk worldwide. An examination of 40 iOS mobile banking apps from 60 leading banks worldwide revealed a slew of security shortcomings that also included hard-coded development credentials discovered during a static analysis of app binaries. It's a mess, and to date, most of the banks have been informed and none have provided feedback indicating the vulnerabilities were patched."

1 of 139 comments (clear)

Min score:

Reason:

Sort:

Re:You Must Be Crazy ... by burne · 2014-01-10 11:35 · Score: 3, Informative

No need to, it's built into the OS. It even has a nice cli to handle starting, stopping and logging. ttysnoop.
However, getting sufficient permissions is the hard bit, especially for a remote attacker.