Weak Security In Most Mobile Banking Apps

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Holy cow, eight out of ten? That isn't the most comforting news to get during the holiday shopping season. :(

Security experts this month tested 275 Apple iOS- and Android-based mobile banking apps from 50 major financial institutions, 50 large regional banks, and 50 large U.S. credit unions. Overall, they found that eight out of 10 apps were improperly configured and not built using best practices software development. T
Click to expand...
 
You would be crazy to put any of that shit on your phone....
 
Who would be THAT stooopid to put their banking info, etc on their phone? You can lose a phone, it can be stolen, cloned, the data siphoned out, etc, etc. The whole concept is just nutz. :eek::rolleyes::p
 
I'm guessing that people who leave banking info on their phone are the same ones that give facebook a phone number.
 
LeninGHOLA said:
I haven't even made a Google account for my phone.
Click to expand...

Ummm...
8R8Jb.gif
 
LeninGHOLA said:
You don't have to set up a Google account for an Android phone...
Click to expand...

Verizon forced me to sign up for one. It has never been used since then. I honestly cannot wait to get out of my contract so that I can move to a cheaper network with a Windows phone.
 
amdgamer said:
Verizon forced me to sign up for one. It has never been used since then. I honestly cannot wait to get out of my contract so that I can move to a cheaper network with a Windows phone.
Click to expand...

Mine is a work phone. Obviously my phone lacks some functionality without a Google account, but Verizon didn't force Google accounts as these aren't personal contracts.
 
What are you expecting? First is to get the app working. Then working well. Then fixing the bugs you missed. Then selling as many licences as you can to turn a profit on it.

Security is at the very bottom of the SW development thought process.

Understand people: The Internet is not secure. Traffic over the Internet, no matter how encrypted, is not secure. Get that through your heads ASAP. If you don't want people to know about it, don't connect it to the Internet.

*Is a Software Engineer
 
gamerk2 said:
What are you expecting? First is to get the app working. Then working well. Then fixing the bugs you missed. Then selling as many licences as you can to turn a profit on it.

Security is at the very bottom of the SW development thought process.

Understand people: The Internet is not secure. Traffic over the Internet, no matter how encrypted, is not secure. Get that through your heads ASAP. If you don't want people to know about it, don't connect it to the Internet.

*Is a Software Engineer
Click to expand...

What if I can't live without the internet?
 
From the sounds of it, these findings are all pretty low risk... not much to worry about (at the moment). With that said, hopefully stories like these will light a fire under their developers asses to make mobile banking as secure as possible.

I'm, personally, a huge fan of banking online. As with any kind of online transaction though, you just have to be smart about it.
 
I've alway been skeptical of these apps, but I still can't deny the convenience of being able to photo deposit a check.
 
1. If you read the article they clearly state these are minor things, and aren't even related to the programming of the client or server.
2. To all the tinfoil hats, using a mobile banking app does not "put your banking info on your phone". It (should at least) requires a password to access data already stored online by the bank. Unless of course you guys avoid online banking as well, and stick strictly to mailing your checks?
 
Do they break down Apple vs. Android apps that are poorly designed? I haven't RTFA but I'd venture ot guess it was the Android versions that were most likely insecure.
 
Walking around with a pocket sized device that has access to your bank account seems like a pretty stupid idea anyway.
 
LeninGHOLA said:
Mine is a work phone. Obviously my phone lacks some functionality without a Google account, but Verizon didn't force Google accounts as these aren't personal contracts.
Click to expand...

Lucky.

I homestly cannot stand the fact that they required me to sign up for a Google account, but then again I am counting down to when I can switch networks. Verizon is great, but they are expensive.

I opened up my gmail account they forced onto me for kicks earlier, and there are over 1000 pieces os spam in an account that has never been used.
 
You must log in or register to reply here.
Back
Top