Mobile banking apps are exposing user data to attackers

Banking written in red surrounded by coding

Positive Technologies has found that 14 banking apps available on iOS and Android were affected by vulnerabilities.

In 2019, Positive Technologies assessed the security level of a number of banking apps and found vulnerabilities in each one. Per the report, each vulnerability could be traced to faults in the application code, client-server interaction and the implementation of security mechanisms.

On the user-side, Positive Technologies found 13 out of 14 applications unwittingly gave attackers access to user data. For more than a third of the banking apps tests, vulnerabilities could be exploited without administrator rights. Further, 76% of these vulnerabilities could be exploited without the attacker having physical access to the account holder’s device.

On the server-side, researchers found servers contained 54% of all vulnerabilities identified in the study. According to Positive Technologies, each mobile bank had an average of 23 server-side vulnerabilities. Plus, at five out of seven banks, hackers were able to steal user credentials and at one-third of banks, users’ card information is at risk of being stolen.

Though these statistics are staggering enough, the FBI recently revealed a 50% increase in attacks against mobile banking apps since the beginning of 2020. In its announcement, the FBI said it expects threat actors to attempt to exploit mobile banking customers by using a variety of techniques, such as app-based banking Trojans and even fake banking apps.

To protect themselves, users should use two-factor authentication along with a strong password.