Report Shows Major Security Holes in Banking Apps
Friday, 04 19 2019, Category: Technology, Country: World
A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.
The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency.
Among the most alarming findings was the practice of embedding and hard-coding private certificates and API keys into banking apps. API keys and certificates are the primary means of authenticating a user’s identity and determining their level of access to data; leaving hard-coded versions in an app makes it significantly easier for a would-be hacker to gain far too much access to the data underpinning the apps themselves.
Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.
Aite declined to identify the companies behind the apps researched or say whether they had warned the companies about the security holes discovered in their apps.
Source: Cyber Scout