It's mighty convenient to load up a mobile banking app with a slick interface as opposed to logging into the website via your smartphone's web browser, but in doing so, you may inadvertently be putting yourself at a greater risk of so-called man-in-the-middle attacks, hijack attempts, and other unfriendly behavior. A recent study suggests that mobile banking apps for iOS may be less secure than you think.
A researcher at IOActive tested 40 mobile apps from 60 of the leading banks from around the world. His various tests covered transport security, compiler protection, UIWebViews, insecure data storage, logging, and binary analysis. What he found is pretty alarming.
Some 40 percent of the audited apps did not validate the authenticity of SSL certificates presented, which makes them susceptible to man-in-the-middle attacks. Almost all of them -- around 90 percent -- contained several non-SSL links throughout the application. According to IOActive
"Home banking apps that have been adapted for mobile devices, such as smartphones and tablets, have created a significant security challenge for worldwide financial firms. As this research shows, financial industries should increase the security standards they use for their mobile home banking solutions," the report concludes.