Mobile Banking Apps Found Lacking Security
IOActive recently tested 40 home banking apps from some of the most influential banks in the world and found most of them lacking in security.
Researcher Ariel Sanchez invested 40 non-consecutive hours in his research and found that 90 percent of the banking apps he tested contained non-encrypted links and lacked jailbreak detection. Additionally, 40 percent of the apps did not validate the authenticity of the SSL certificates presented, which could lead to Man-in-the-Middle attacks. And 20 percent of the apps sent account activation codes in plain text.
The lack of encryption extended to the device itself, with some of the apps storing sensitive financial details in an unencrypted SQLite database. If malware were to get onto the mobile device, in theory it could obtain that sensitive information.
Sanchez concludes, "As this research shows, financial industries should increase the security standards they use for their mobile home banking solutions."
Details of the research can be found here.