Research carried out by Zimperium, a mobile security firm from Texas says that most banking apps in the United States have security flaws exposing user data to hackers. This includes the apps downloaded on Android and iOS platform leading to cyber risks such as communication at risk, data leaks and flaws allowing hackers to spy on the devices.
Zimperium says that most financial apps were using open-source codes scrapped from GitHub that are either infrequently updated or were almost 3 years old. Worst in the finding was the discovery of apps sharing data with at least one advertising agency.
For reason, the Dallas based mobile security company did not name the banks whose apps were discovered to be filled with security lapses including those offering communication via an unencrypted HTTP connection.
One of the Android apps was also found to be not validating HTTPS certificates paving way for man-in-the-middle attacks. Moreover, some banking apps working on iOS platforms were seen taking screenshots, provisioning data to cyber crooks.
Zimperium which is into the business of creating mobile threat defense software says that most of the banking apps were vulnerable to malware campaigns such as BankBot which acts as a source to download fake apps from Google Play Store.
Thus, the role of financial regulators such as the US Federal Reserve plays a vital role in curbing such as mobile threats. They say that mobile banking channels should improve in the way they operate. Otherwise, the risks might exponentially explode in real.
