January 6, 2016

How secure is your Mobile Banking Application?

A recent client side only test of mobile banking applications that run on the iOS platform uncovered some some of the following vulnerabilities:

12.5% of the audited apps did not validate the authenticity of the SSL certificates presented, which makes them susceptible to Man-in-The-Middle (MiTM) attacks.
35% of the apps contained non-SSL links throughout the application. This allows an attacker to intercept traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompts or similar scams.
30% of the apps did not validate incoming data and were vulnerable to JavaScript injections via insecure UIWebView implementations allowing client-side attacks.
42.5% of the apps provided alternative authentication solutions to mitigate the risk of leaking user credentials and impersonal attacks.
Additionally the study also showed that 40% of the apps still leak information about user activity or client-server interactions, such as requests or responses from the server.

More To Explore

Cybersecurity and The Music Industry

Musicians need to look at cybersecurity in the same manner as they configure their personal security teams.

Our team has been called to support musicians who have been subject to ransomware attacks. Truth be told. It’s typically too late when we get the call. Paying the ransomware has consequences and risks.

May 4, 2023 No Comments

CMMC-AB Standards Committee hosts the fourth Standards Podcast

Regan Edens, Chair of the CMMC-AB Standards Committee, hosts the fourth Standards Podcast. He is joined by Jeff Dalton, Chair of the Certification and Accreditation

February 22, 2021 No Comments

Ransomware Disrupts Operations at Packaging Giant WestRock

Originally Posted on Dark Reading: Incident is another reminder of how vulnerable OT environments are to attack, security experts say. Operations at $17 billion packaging

February 2, 2021 No Comments