Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mobile Banking Apps For iOS Woefully Insecure

Posted by Soulskill on from the raise-your-hand-if-you're-surprised dept.

msm1267 writes "Mobile banking applications fall short on their use of encryption, validation of digital certificates and two-factor authentication, putting financial transactions at risk worldwide. An examination of 40 iOS mobile banking apps from 60 leading banks worldwide revealed a slew of security shortcomings that also included hard-coded development credentials discovered during a static analysis of app binaries. It's a mess, and to date, most of the banks have been informed and none have provided feedback indicating the vulnerabilities were patched."

2 of 139 comments (clear)

  1. Re:You Must Be Crazy ... by 0123456 · · Score: 5, Interesting

    Who's writing keylogging malware for CentOS?

  2. Re:feedback by buddyglass · · Score: 5, Interesting

    I'm responsible for the Android offering of one such vendor. We currently have about 140 small banks running some version of our app. We try to follow most of the security guidelines outlined in this article, but to give our customers added assurance we pay a security company to analyze the most current version of our app (and our back-end services) every six months or so. Not the one responsible for this article, though I imagine they're a competitor of the one we use. Was a good read. I forwarded it to my boss and the coworkers responsible for our iOS app.