
Half of mobile banks are vulnerable to cyberattacks


The majority of mobile banking apps are vulnerable to threats, according to a new report from Positive Technologies. What’s more, most of the vulnerabilities are on the server side, not the client side.

Testing mobile banking apps for an “acceptable” level of security, the company found that the greatest client-side threat is unauthorised data access, with 43 percent of apps storing valuable data on the device itself, in cleartext.

Vulnerabilities in most mobile banking apps (76 percent) can also be exploited without physical access to the device, and more than a third of these flaws can be exploited even without admin privileges, the report states.

iOS seems to be faring better than Android, given that none of the iOS banking apps tested have flaws worse than “medium” severity, while almost a third (29 percent) of Android apps have high-risk flaws. This, the report argues, is because Android developers have “more freedom of implementation”.

When it comes to the server side, each mobile bank has 23 vulnerabilities on average. Almost half of these (43 percent) are found in business logic, which can result in “significant losses and legal complications.”

“We urge that banks do a better job of emphasising application security throughout both design and development. Source code is rife with issues, making it vital to revisit development approaches by implementing SSDL practices and ensuring security at all stages of the application lifecycle,” said Olga Zinenko, Analyst at Positive Technologies.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.