9th April 2019
FS is putting consumer data at risk by failing to protect mobile apps, says Arxan
Arxan Technologies has announced the findings of a new research report, which reveals widespread security inadequacies and protection failures among consumer financial applications, leading to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and more.
Senior cybersecurity analyst Alissa Knight of research and advisory firm Aite Group authored the study, entitled “In plain sight: The vulnerability epidemic in financial services mobile apps”. Ms Knight examined the mobile apps of 30 financial institutions (FIs) downloaded from the Google Play store across eight financial services sectors.
Using tools readily available on the internet, she found that nearly all of the applications could easily be reverse engineered, allowing access to sensitive information stored inside the source code. The research highlights a systemic lack of appropriate application protection, such as application shielding, threat detection, encryption, and response technology, across financial services apps.
Key findings from the research include:
• Lack of Binary Protections — 97 per cent of all apps tested lacked binary code protection, making it possible to reverse engineer or decompile the apps, exposing source code to analysis and tampering
• Unintended Data Leakage — 90 per cent of the apps tested shared services with other applications on the device, leaving data from the FI’s app accessible to any other application on the device
• Insecure Data Storage — 83 per cent of the apps tested insecurely stored data outside of the app’s control, for example in a device’s local file system or external storage, or copied data to the clipboard, allowing shared access with other apps, and exposed a new attack surface via APIs
• Weak Encryption — 80 per cent of the apps tested implemented weak encryption algorithms or implemented a strong cipher incorrectly, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed
• Insecure Random-Number Generation — 70 per cent of the apps use an insecure random-number generator for security measures that rely on random values to restrict access to a sensitive resource, making the values easily guessed and hackable
“During this research project, it took me 8.5 minutes on average to crack into an application and begin to freely read the underlying code, identify APIs, read file names, access sensitive data and more. With FIs holding such sensitive financial and personal data — and operating in such stringent regulatory environments — it is shocking to see just how many of their applications lack basic secure coding practices and app security protections,” said Ms Knight.
“The large number of vulnerabilities exposed from decompiling these applications poses a direct threat to financial institutions and their customers. These resulting threats ranged from account takeovers, credit application fraud, synthetic identity fraud, identity theft and more. It’s clear from the findings that the industry needs to address the vulnerability epidemic throughout its mobile apps and employ a defence-in-depth approach to securing mobile applications — starting with app protection, threat detection and encryption capabilities implemented at the code level.”
To download the full research report, visit: https://www.arxan.com/resources/downloads/aite-research-financial-mobile-apps