How secure is your Mobile Banking Application?

A recent client-side-only test of mobile banking applications that run on the iOS platform uncovered the following vulnerabilities:

  • 12.5% of the audited apps did not validate the authenticity of the SSL certificates presented, which makes them susceptible to Man-in-The-Middle (MiTM) attacks.
  • 35% of the apps contained non-SSL links throughout the application. This allows an attacker to intercept traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompt or similar scams.
  • 30% of the apps did not validate incoming data and were vulnerable to JavaScript injections via insecure UIWebView implementations allowing client-side attacks.
  • 42.5% of the apps provided alternative authentication solutions to mitigate the risk of leaking user credentials and impersonation attacks.
  • The study also showed that 40% of the apps still leak information about user activity or client-server interactions, such as requests or responses from the server.
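
Two of the findings above (non-SSL links and UIWebView use) can be checked for in your own app before release by scanning the text files and extracted strings of the build. The following is an added example, not code from the study; the file names, hosts and the ignore list are constructed assumptions.

```python
import re

# Any cleartext http:// URL (case-insensitive), up to the closing quote or space.
HTTP_URL = re.compile(r"http://[^\s\"'<>)]+", re.IGNORECASE)
# Assumption: XML/plist namespace and DTD identifiers are not fetched at runtime.
IGNORED = ("www.w3.org", "www.apple.com/DTDs")
# Class name left in the binary's strings or in source when UIWebView is used.
WEBVIEW = re.compile(r"\bUIWebView\b")


def audit_bundle(files):
    """files maps a path to the text extracted from an app bundle.

    Returns a sorted list of (path, line_no, kind, detail) findings.
    """
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for url in HTTP_URL.findall(line):
                if any(marker in url for marker in IGNORED):
                    continue
                findings.append((path, line_no, "cleartext-url", url))
            if WEBVIEW.search(line):
                findings.append((path, line_no, "uiwebview", line.strip()))
    return sorted(findings)


# Constructed sample input standing in for an unpacked app bundle.
SAMPLE = {
    "www/login.html": (
        "<html>\n"
        '<script src="http://cdn.bank.example/app.js"></script>\n'
        '<a href="https://bank.example/help">Help</a>\n'
    ),
    "Info.plist": (
        '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
        '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
    ),
    "strings.txt": (
        "UIWebView\n"
        "https://api.bank.example/v1\n"
        "HTTP://promo.bank.example/offer\n"
    ),
}

if __name__ == "__main__":
    for finding in audit_bundle(SAMPLE):
        print(*finding, sep="\t")
```

Each cleartext URL it reports is a place where content can be altered in transit, and each UIWebView hit is a view whose inputs need validation or replacement with WKWebView.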
