Mobile banking apps are exposing user data to attackers

Positive Technologies’ study finds 13 out of 14 banking apps gave attackers access to user data

Positive Technologies has found that 14 banking apps available on iOS and Android were affected by vulnerabilities.

In 2019, Positive Technologies assessed the security level of a number of banking apps and found vulnerabilities in each one. Per the report, each vulnerability could be traced to faults in the application code, client-server interaction and the implementation of security mechanisms.

On the user-side, Positive Technologies found 13 out of 14 applications unwittingly gave attackers access to user data. For more than a third of the banking apps tests, vulnerabilities could be exploited without administrator rights. Further, 76% of these vulnerabilities could be exploited without the attacker having physical access to the account holder’s device.

On the server-side, researchers found servers contained 54% of all vulnerabilities identified in the study. According to Positive Technologies, each mobile bank had an average of 23 server-side vulnerabilities. Plus, at five out of seven banks, hackers were able to steal user credentials and at one-third of banks, users’ card information is at risk of being stolen.

Though these statistics are staggering enough, the FBI recently revealed a 50% increase in attacks against mobile banking apps since the beginning of 2020. In its announcement, the FBI said it expects threat actors to attempt to exploit mobile banking customers by using a variety of techniques, such as app-based banking Trojans and even fake banking apps. 

To protect themselves, users should use two-factor authentication along with a strong password.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Hackers breach a San Francisco water treatment plant
Security

Hackers breach a San Francisco water treatment plant

18 Jun 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021