Posted by: David Harley | December 19, 2015

IOActive on the security of mobile banking apps

If you’re using banking apps on an iOS device, you might be interested in some research by Ariel Sanchez, following up on his earlier research into the security of mobile banking apps from some major banks. (You might find Paul Ducklin’s commentary for Sophos on the earlier research of interest, too.)

Sanchez’s analysis is restricted to a general consideration, without identifying individual apps or banks. Still, you might find it useful – if mildly disturbing – to see how well (or otherwise) banking apps currently stand up to his testing on:

  • Transport security
  • Compiler protection
  • UIWebViews
  • Insecure data storage
  • Logging
  • Binary analysis

Commentary by John Leyden for The Register here.

It would be interesting to see if the picture is any different on Android, if there’s any comparable research available. (I haven’t seen any, but that doesn’t mean there is none.)

Also posted on the Mac Virus blog.

David Harley

