Bancsec Advisor‎ > ‎

Banking Mobile Apps Largely Vulnerable

posted Feb 11, 2014, 5:13 PM by web admin   [ updated Feb 11, 2014, 5:13 PM by Kyle Horst ]

(January 14, 2014)

IOActive Labs Research analyzed 40 home banking iOS apps from some of the most influential banks around the world.  The results show that many of the apps revealed sensitive information through system logs, contained hardcoded credentials, or were vulnerable to attacks such as Man-in-The-Middle (MiTM), Cross-Site Scripting (XSS), and JavaScript/HTML injection.  All of the apps could be installed on jailbroken iOS devices and 90% contained several non-SSL links.  To better protect customers, mobile banking apps should enforce SSL certificate checks, ensure secure transfer protocols are used for all connections, and protect client-side data with encryption.

Relevant URL(s): and