Of Special Interest
- New industry code to tackle fraud must deliver, says Which?
- New TTF report highlights loss of trust in financial services
- Arxan highlights financial app vulnerability epidemic
- SAS asks whether banks really need to choose between operations and innovation
- Which? raises alarm as almost 1,700 free ATMs become fee-charging
- Financial wellness affects half of peoples’ mental or physical health, finds report
- Study finds traditional financial institutions embrace Fintech disruption
- Grass is greener for environmentally friendly businesses, finds Barclays
- Prospective homeowners would consider a 40-year mortgage to escape renting, finds Santander
- Millennials’ needs are changing the face of banking industry, says new report
- FS is putting consumer data at risk by failing to protect mobile apps, says Arxan
- A lack of belief in their ability holds 28% women back in work, says Cambridge & Counties
- ‘Which?’ reveals Scotland has lost over a third of its bank branches in eight years
- Next downturn unlikely to be as bad as 2008, according to S&P
- FCA reveals findings from first cryptoassets consumer research
- US consumers favour single mobile app for banking and payments
- Banks suffering major IT shutdowns every day, ‘Which?’ reveals
- The US will be a key offshore centre in 2019, says GlobalData
- Debit industry changes markedly in 10 years of the Debit Issuer Study
- UK's ‘Big Five’ face ‘too big to compete’ as small challengers secure stellar returns
- Banks as vulnerable now as before crash, says new study
- Leverage ratio a constant conundrum for European and US banks, says SNL
17th May 2019
Arxan highlights financial app vulnerability epidemic
At the recent European Digital Banking Summit, VP of Global Marketing at Arxan Technologies, Deborah Clark McGinn, presented a session titled: “The vulnerability epidemic in mobile financial apps – what does your code reveal?”, discussing the findings of a joint six-week research study with the Aite Group’s Senior Analyst and White-Hat Hacker, Alissa Knight, into the security of 30 global mobile financial apps.
Using commonly available software tools, Arxan and Aite discovered nearly all of the apps could easily be reverse engineered – in less than nine minutes on average – exposing sensitive information such as personally identifiable information, account credentials, intellectual property, QA/test and production API URLS, private certificates, and API keys/locations.
Delving into the research methodology, demographics of the apps analysed, the vulnerabilities found in each mobile app, and the potential consequences that improperly secured apps can open up for Financial Institutions, attendees gained insight into:
• Common app vulnerabilities and the sensitive information they can reveal
• Top development mistakes that lead to data exposure
• Strategies for implementing app protection into the software development lifecycle
Ms Clark McGinn said: “The widespread security inadequacies and protection failures among these critical consumer financial applications is startling and presents a direct threat to both the financial institutions and their customers. The systemic lack of application security protection such as application shielding, threat detection and encryption could lead to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and so much more.
“Financial Institutions need to recognise how big the attack surface really is and put in the appropriate measures to mitigate the risk posed by such attacks. Financial services are meant to be leaders in security due to the highly confidential and sensitive data that they handle. Now is the time for them to act and address the biggest vulnerabilities in their armour so that they can effectively secure their application environment.”