Smartphone owners are accustomed to trusting their applications, especially those related to the banking sector. However, according to experts at IOActive, most banking applications are very insecure and in need of major improvement.
Security researchers tested forty applications for iOS that serve sixty banks worldwide. The test results were very disappointing.
40% of the applications reviewed by the experts were vulnerable to “man in the middle” (MITM) attacks. These apps do not check the authenticity of the SSL certificates provided by the server. In addition, 20% of the applications have Stack Smashing Protection disabled and are not built as a Position Independent Executable (PIE), features that help reduce the risk of memory corruption attacks.
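Both build protections named in the paragraph above can be checked from the app binary itself. The following is an added example, not code from IOActive or from the original article; it assumes a thin (single-architecture) little-endian Mach-O file, and the two sample images are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF  # 64-bit Mach-O
MH_MAGIC_32 = 0xFEEDFACE  # 32-bit Mach-O
MH_PIE = 0x200000         # header flag set when the executable is linked as PIE
SSP_SYMBOLS = (b"___stack_chk_fail", b"___stack_chk_guard")


def audit_macho(data: bytes) -> dict:
    """Report PIE and stack-protector status for a thin Mach-O image."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC_64, MH_MAGIC_32):
        # Fat binaries (0xCAFEBABE) must be split per architecture first.
        raise ValueError(f"not a thin little-endian Mach-O: magic={magic:#x}")
    # mach_header layout: magic, cputype, cpusubtype, filetype,
    # ncmds, sizeofcmds, flags -> flags is the 7th 32-bit word.
    (flags,) = struct.unpack_from("<I", data, 24)
    return {
        "pie": bool(flags & MH_PIE),
        # Heuristic: code compiled with stack canaries imports these symbols.
        # A binary with no canary-eligible functions may lack them too.
        "stack_protector": any(sym in data for sym in SSP_SYMBOLS),
    }


def findings(report: dict) -> list:
    """Turn the audit report into a list of human-readable issues."""
    issues = []
    if not report["pie"]:
        issues.append("PIE disabled")
    if not report["stack_protector"]:
        issues.append("no stack canary symbols")
    return issues


def _sample(flags: int, body: bytes) -> bytes:
    # Constructed header: arm64 cputype (0x0100000C), filetype MH_EXECUTE (2).
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 0, 0, flags, 0) + body


# Constructed sample images (not real applications).
hardened = _sample(0x200085, b"\x00___stack_chk_guard\x00___stack_chk_fail\x00")
weak = _sample(0x000085, b"\x00_strcpy\x00")

if __name__ == "__main__":
    for name, blob in (("hardened", hardened), ("weak", weak)):
        print(name, findings(audit_macho(blob)) or "ok")
```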
Half of the applications studied are vulnerable to cross-site scripting attacks, and more than 40% of critical information is left in the system logs. However, the greatest concern is the fact that 90% of the applications contain links that are not protected by SSL. According to the researchers, on a jailbroken iOS device you can install any application, even an insecure one.
Ariel Sanchez, an expert from IOActive, said that with links without SSL added to the application, hackers can intercept the traffic and execute arbitrary JavaScript/HTML code to create a fake invitation to enter the user’s credentials.
“Moreover, 50% of applications are vulnerable to injection attacks via unprotected JavaScript execution in UIWebView. In some cases, native iOS functionality will be compromised, enabling attackers to send SMS messages or emails to the victim’s device,” said Sanchez.