Last week a security researcher spent 40 hours testing iPhone and iPad banking apps from the top 60 most influential banks in the world and his findings were shocking.
40 of those 60 apps were found to have major security vulnerabilities, which is not something you’d expect to find in an app which connects you to your bank.
The tests were split across six separate areas: transport security, compiler protection, UIWebViews, data storage, logs and binary analysis. Severe weaknesses were found in all six of these areas.
40% of the apps don’t validate the authenticity of SSL certificates, meaning that they’re vulnerable to man-in-the-middle (MitM) attacks.
A staggering 90% of the apps contain non-SSL links, which could allow an attacker to intercept traffic, giving them the opportunity to create a fake login page.
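The two transport-security findings above (plaintext links and disabled certificate validation) are the kind of thing a reviewer can triage from the string table of an app binary before any traffic is captured. The following is an added example, not code from the researcher or from any of the banks' apps: it takes a constructed list of strings, as you would get from running `strings` over a binary, reports every `http://` link, and flags symbols that are commonly used to switch off TLS certificate checking. The two marker symbols are real iOS API names; the sample bank hostnames are invented (the `.invalid` TLD is reserved for exactly that).

```python
import re
from dataclasses import dataclass, field

# Anything fetched over plain HTTP can be read or rewritten on the path,
# which is how a fake login page gets injected into an otherwise HTTPS app.
PLAIN_HTTP = re.compile(r"\bhttp://[^\s\"'<>]+", re.IGNORECASE)

# Symbols whose presence in a binary's string table deserves a manual look,
# because they are typically used to disable TLS certificate validation:
#  - setAllowsAnyHTTPSCertificate:forHost: is a private NSURLRequest selector
#  - kCFStreamSSLValidatesCertificateChain is a (deprecated) CFStream SSL key
CERT_BYPASS_MARKERS = (
    "setAllowsAnyHTTPSCertificate:forHost:",
    "kCFStreamSSLValidatesCertificateChain",
)


@dataclass
class AuditResult:
    plaintext_urls: list = field(default_factory=list)
    cert_bypass_markers: list = field(default_factory=list)

    @property
    def has_findings(self) -> bool:
        return bool(self.plaintext_urls or self.cert_bypass_markers)


def audit_strings(lines) -> AuditResult:
    """Scan extracted binary strings for transport-security red flags."""
    result = AuditResult()
    seen_urls = set()
    for line in lines:
        for match in PLAIN_HTTP.finditer(line):
            url = match.group(0).rstrip(".,;)")
            if url not in seen_urls:          # report each URL once
                seen_urls.add(url)
                result.plaintext_urls.append(url)
        for marker in CERT_BYPASS_MARKERS:
            if marker in line and marker not in result.cert_bypass_markers:
                result.cert_bypass_markers.append(marker)
    return result


def report(result: AuditResult) -> str:
    """Render findings as a short human-readable list."""
    if not result.has_findings:
        return "No transport-security findings."
    out = []
    for url in result.plaintext_urls:
        out.append(f"[non-SSL link] {url}")
    for marker in result.cert_bypass_markers:
        out.append(f"[cert validation bypass symbol] {marker}")
    return "\n".join(out)


# Constructed sample, standing in for `strings` output from an app binary.
SAMPLE_STRINGS = """\
https://mobile.examplebank.invalid/api/v2/login
http://mobile.examplebank.invalid/terms.html
Loading http://cdn.examplebank.invalid/promo/banner.png.
NSURLRequest
setAllowsAnyHTTPSCertificate:forHost:
mailto:support@examplebank.invalid
""".splitlines()


if __name__ == "__main__":
    print(report(audit_strings(SAMPLE_STRINGS)))
```

Run it against real `strings` output and you get the same two classes of finding the article describes; a hit on the bypass markers is not proof by itself, since the symbol may be unused or behind a debug flag, but it tells you which binaries to put in front of a proxy for a proper MitM test.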
At a time when banks are using their mobile apps as a competitive differentiator, you’d think that they’d thoroughly test their apps for security flaws with techniques such as penetration testing, to ensure that the risks of internet banking are minimised.