silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
More than three-fourths (76 percent) of mobile banking vulnerabilities can be exploited without physical access to the device is just one of numerous sobering findings from Positive Technologies in a report released today.
The research, which began in 2019, did not name the banks or the apps that have been downloaded more than 500,000 times each from Google Play and Apple’s App Store. [....]
Generally, iOS devices fared better than Android with Apple apps rating no vulnerabilities “worse than medium,” but they still were still deficient. By contrast, Android banking apps contained “high-risk” vulnerabilities.
Positive Technologies stated that the reason why 100 percent of banking clients contain code vulnerabilities is that they don’t protect against code injection and repackaging. In addition, the code contains the names of classes and methods.
The report noted that all attackers need to do to exploit code vulnerabilities is download the application from Google Play or the App Store and then decompile it.
Vulnerabilities and threats in mobile banking
In 2019, we chose 14 fully featured mobile banking applications for our research. This report summarizes client- and server-side vulnerabilities in mobile banking applications related to faults in application code, client–server interaction, and implementation of security mechanisms. None of the...
www.ptsecurity.com