Virtually no mobile phone app is safe from data theft: report

silversurfer

That more than three-fourths (76 percent) of mobile banking vulnerabilities can be exploited without physical access to the device is just one of numerous sobering findings from Positive Technologies in a report released today.

The research, which began in 2019, did not name the banks or the apps that have been downloaded more than 500,000 times each from Google Play and Apple’s App Store. [....]

Generally, iOS devices fared better than Android, with Apple apps rating no vulnerabilities “worse than medium,” but they were still deficient. By contrast, Android banking apps contained “high-risk” vulnerabilities.

Positive Technologies stated that the reason why 100 percent of banking clients contain code vulnerabilities is that they don’t protect against code injection and repackaging. In addition, the code contains the names of classes and methods.

The report noted that all attackers need to do to exploit code vulnerabilities is download the application from Google Play or the App Store and then decompile it.
 

Gandalf_The_Grey

What users should know
All mobile banking applications have security flaws. Our research shows that Android apps are more vulnerable than iOS ones. The vulnerabilities that hackers exploit for fraud and theft are usually the result of coding errors. Avoiding such flaws should be a top priority for developers. However, many vulnerabilities cannot be exploited without user interaction. Some attacks require physical access to the device.

Rooting (Android) or jailbreaking (iOS) a device, or not setting a PIN code to unlock the phone, gives attackers more leverage to conduct malicious actions.

Tip for users
Do not jailbreak or root your device. This opens up access to the device file system and disables data protection mechanisms. Set a PIN code to unlock your device. This limits attackers' options even if they have physical access to your phone.

Some attacks require user interaction in the form of clicking a link, installing malware, or entering data on a fake web page.

Tip for users
Do not open links sent by strangers via SMS or chat. Never sideload applications from unofficial sources. Download applications only from official stores like Google Play and the App Store. When deciding what to download, pay attention to information on the app developer and the number of downloads.

Vulnerabilities can also reside in the mobile OS itself. But Google and Apple constantly update their software and release security patches. Users should remember that vulnerabilities become public after fixes are released. Hackers can make use of this to attack devices that don't have the latest updates installed.

Tip for users
Always install the latest updates for your OS and mobile applications.
 

Vitali Ortzi

When some games are better at making it harder for some fuzzers to extract plain code in them than most banking apps.
What a time to be alive 😂
 
