Financial Institutions are Risking Customers’ Data. And Money.
Banks are very good at security. Certain kinds of security, that is.
They have vaults with really cool doors.
Many banks have armed guards. And alarms.
In some cities they put tellers in cages to protect them (that is NOT a great metaphor).
But when it comes to developing software, they are subject to the same challenges that everyone else developing software deals with.
So it shouldn’t be much of a surprise that banking software for your phone is not as secure as it should be.
According to a recent report on 30 mobile banking apps offered by financial institutions, almost all of the apps could be reverse engineered by hackers, revealing account information, server information and other insecurely stored data.
According to the report, 97% of the apps tested lacked the proper code protections. 90% of the apps shared services with other apps on the device. 83% of the apps stored data insecurely. You get the idea.
And that is not the end of it. For more information on what the apps are doing wrong, read the Tech Republic article below.
So what should you be doing?
Believe it or not, bank web sites are probably more secure than their apps. For one thing, the web sites run on servers owned or controlled by the banks. Your phone is, to be polite, a cesspool when it comes to security. All those apps, many of which were there when you bought the phone, and a lot that you can’t remove even if you want to.
General phone cyber hygiene helps. Don’t install any apps that you don’t need to. Remove apps that you don’t use any more, if you can. Patch your phone’s operating system and apps whenever patches are available.
To the degree that you can avoid installing banking apps (I know they want you to use them), that is more secure.
Unfortunately, the report does not list which apps it tested and which apps came up on the wrong side of the security story. Needless to say, the banks are not going to tell either. My guess is that the researchers are worried about being sued. Which does not help us.
Do look for third parties that review apps for security. Since most people don’t ask whether their money is secure, I haven’t found many, but keep looking.
If I find more information, I will post it.
Source: Tech Republic.