The revelation reflects a serious problem for the banking industry and, as the use of these applications increases, the trend is for the situation to worsen. The researcher Ariel Sanchez of IOActive indicates that the flaws found allow the interception of sensitive data, the installation of malware and even full control of victims' devices.
To produce the report, the researcher studied the iPhone and iPad apps of 40 of the 60 largest banks in the world. The major flaws are described below:
- Some (less than 20%) lacked features capable of reducing the risk of memory corruption attacks;
- 40% of the apps did not validate the authenticity of SSL certificates;
- 50% were vulnerable to JavaScript injection through insecure implementations of UIWebView. In some cases, native iOS features were exposed, even allowing SMS and email to be sent from the victim's device;
- 90% contained multiple links in their code that were not encrypted with SSL, which allows the interception of traffic and the injection of JavaScript or HTML code.