Problems and vulnerabilities still abound in mobile banking apps despite improvement over the last two years.
Security consultant Ariel Sanchez of IOActive has revisited research carried out two years ago to get a global view of the state of mobile banking app security.
He discovered that five of 40 audited mobile banking apps for iOS in use around the world failed to validate the authenticity of the SSL certificates presented to them, which exposes them to man-in-the-middle (MiTM) attacks.
Research on the apps' binaries and file systems showed that 15 percent of the apps store sensitive information unencrypted, such as personal details of customers' banking accounts and transaction histories.
Sanchez said in a blog post, “Although the numbers are down overall, there are still a high number of apps storing insecure data in their file system. Many of them are still susceptible to client-side attacks. While overall security has increased over the two-year period, it is not enough, and many apps remain vulnerable.”