Smartphone owners are accustomed to trusting their applications, especially those related to the banking sector. However, according to experts at IOActive, most banking applications are very insecure and in need of major improvement.
Security researchers tested forty applications for iOS that serve sixty banks worldwide. The test results were very disappointing.
40% of the applications reviewed by the experts were vulnerable to "man in the middle" (MITM) attacks. These apps do not check the authenticity of the SSL certificates provided by the server. In addition, 20% of the applications have Stack Smashing Protection disabled and are not built as Position Independent Executables (PIE), two features that help reduce the risk of memory corruption attacks.
Half of the studied applications are vulnerable to cross-site scripting attacks, and more than 40% leave critical information in the system logs. However, the greatest concern is that 90% of the applications contain links that are not protected by SSL. According to the researchers, any application, even an insecure one, can be installed on a jailbroken iOS device.
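Three of the findings above (no PIE, no stack smashing protection, links not protected by SSL) can be triaged directly from an app's Mach-O binary before release. The following is an added example, not code from the researchers or the original article; `audit_macho`, `build_sample` and the `bank.example` URLs are hypothetical names and constructed sample data.

```python
import re
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin 32/64-bit Mach-O, little-endian
MH_PIE = 0x200000                               # header flag set when linked as PIE
CANARY_SYMBOLS = (b"___stack_chk_fail", b"___stack_chk_guard")
HTTP_URL = re.compile(rb"http://[\w.\-/:%?=&]+")  # does not match https://


def audit_macho(data: bytes) -> dict:
    """Triage a thin Mach-O image for missing PIE, missing canaries, cleartext URLs."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    # The first seven 32-bit fields are the same in 32- and 64-bit headers.
    magic, _cpu, _sub, _ftype, _ncmds, _size, flags = struct.unpack_from("<7I", data)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (thin fat binaries first)")
    return {
        "pie": bool(flags & MH_PIE),
        # Heuristic: code built with stack protection references these symbols;
        # a binary with no protected functions at all would also lack them.
        "stack_protector": any(sym in data for sym in CANARY_SYMBOLS),
        "cleartext_urls": sorted({u.decode() for u in HTTP_URL.findall(data)}),
    }


def build_sample(flags: int, body: bytes) -> bytes:
    """Constructed 64-bit header (arm64, MH_EXECUTE) plus raw bytes; not a real app."""
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 0, 0, flags, 0) + body


if __name__ == "__main__":
    hardened = build_sample(MH_PIE | 0x85,
                            b"\x00https://bank.example/login\x00___stack_chk_fail\x00")
    weak = build_sample(0x85, b"\x00http://bank.example/news\x00")
    for name, image in (("hardened", hardened), ("weak", weak)):
        print(name, audit_macho(image))
```

A missing `pie` or `stack_protector` result points at the build settings, while each entry in `cleartext_urls` is a link to move to HTTPS or justify.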