Financial Apps Are Vulnerable

Uploaded on 2019-04-08 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Services-Financial

Despite the growing cybersecurity threat targeting mobile financial services applications, many financial institutions are failing when it comes to protecting their apps. 
 
Research conducted by advisory firm Aite Group uncovered widespread security deficiencies among mobile consumer finance apps leading to the exposure of source code, personally identifiable information, account credentials and access to backend systems. 
 
Aite Group examined the protective capabilities of 30 different financial services applications found on the Google Play store. Using commonly available software tools, nearly all of the apps were easily reverse engineered, revealing a systemic lack of application-appropriate protection and coding best practices. 
 
Among the key vulnerabilities the research uncovered:
 
Lack of Binary Protections — 97% of all apps tested lacked binary code protection, making it possible to reverse engineer or decompile the apps exposing source code to analysis and tampering.
 
Unintended Data Leakage — 90% of the apps tested shared services with other applications on the device, leaving data from the financial institution’s application’s app accessible to any other application on the device.
 
Insecure Data Storage — 83% of the apps tested insecurely stored data outside of the application's control, for example, in a device’s local file system, external storage, and copied data to the clipboard allowing shared access with other apps; and exposed a new attack surface via APIs.
 
Weak Encryption — 80% of the apps tested implemented weak encryption algorithms or the incorrect implementation of a strong cipher, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed.
 
Insecure Random-Number Generation — 70% of the apps use an insecure random-number generator, a security measure that relies on random values to restrict access to a sensitive resource, making the values easily guessed and hackable
 
Arxan
 
You Might Also Read:
 
Security Flaw Puts UK Bank Customers At Risk:
 
 
« The Brexit Shaped Gap In UK Cyber Security
Cyber Knowledge The Easy Way »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

Orca Security

Orca Security

Orca Security delivers full stack visibility including prioritized alerts to vulnerabilities, compromises, misconfigurations, and more across your entire inventory on all your cloud accounts.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Cydea

Cydea

Cydea are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.

Secure Blink

Secure Blink

Secure Blink provides automated application and API security solutions that empower developers and security engineers to protect critical assets from exploitation.

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures is an early-stage investment vehicle focused on cybersecurity, data analytics and automation startups.