Thursday, January 16, 2014

Security flaws in 90% of banking applications - iOnline

About 90% of banking applications have security holes, researcher concluded IOActive.

Ariel Sanchez also said that the more applications you use, the faults can be detected.

The same source pointed out that among the problems encountered is the interception of sensitive data, installing malware and taking full control of the apparatus of victims.

The researcher came to these conclusions after having investigated apps for iPhone and iPad for 40 of the 60 largest banks in the world.

major flaws found were less than 20% of these applications lacked features that reduce the risk of attacks by corrupted memory, 40% not validating the authenticity of SSL certificates, and 50% were vulnerable to injections via JavaScript insecure implementations of the UIWebView.

The researcher also found that in some cases the very features of iOS were exposed, allowing the sending of SMS and e-mails from the victim machine. Among these, 90% contained multiple non-SSL encrypted links in your code, making it possible to intercept traffic and injecting HTML or JavaScript code.

No comments:

Post a Comment