Many Mobile Banking Apps Have Exploitable 'Coding Errors'
Gov Info Security
Researchers at Positive Technologies investigated 14 mobile banking apps that run on Android or iOS and found that 13 failed to prevent unauthorized access to user data. Each of the apps examined in the study had been downloaded from app stores more than 500,000 times, according to the research report, which does not identify the apps.
The analysis shows that none of the 14 apps studied had an acceptable level of security and that several of the applications contained security flaws that could be exploited without physical access to the smartphone or other mobile device used, according to the report. These types of vulnerabilities can lead to brute-force attacks, man-in-the-middle schemes and the distribution of malware, such as banking Trojans, the researchers say.
Such attacks could provide access to sensitive information, such as personal banking data and payment card details. Attackers could also gain unauthorized access to the application, commit fraud and steal funds, the report asserts.