How financial institutions are risking customer data through insecure mobile apps
New research from Aite Group and Arxan Technologies has found major security shortcomings in mobile applications offered by various financial institutions. Of the 30 apps that were inspected, 29 could easily be reverse-engineered because the code was not sufficiently protected, while 27 applications shared services with other software and 25 apps did not store data in a secure manner.
In addition, 24 of the 30 apps used flawed encryption methods and 21 applications did not properly block access to sensitive data. The discovered flaws could enable threat actors to take control of user accounts and to commit various other crimes at the expense off users, including identity theft and identify fraud.