70% of Top 100 Mobile Banking Apps Vulnerable, Warns Appvigil

CIOReview Team | Wednesday, 01 April 2015, 09:05 IST

A report released by Wegilant, an IIT Bombay-incubated company, states that the mobile banking apps of the top 100 banks in the Asia Pacific region (APAC) are prone to attack by hackers. More than 30% of these apps are from Indian banks. These apps let users make financial transactions through their mobile devices. Recently, huge numbers of apps on Google Play have been targeted by hackers and malware, with financial apps particularly susceptible to attacks.

“The amount of threats we’ve found in these apps was appalling as 70% of the apps were found vulnerable to hackers with at least one security issue. With intent spoofing and improper component permissions, a malicious user can cause great harm to the banks and customers, which in turn can damage its reputation and trust built over the years,” said Toshendra Sharma, CEO of Wegilant. “We help financial institutions build more secure apps and train their teams to overcome security challenges faced during their product development life cycle,” Toshendra added.

According to a report by Gartner, 25% of global banks will have their banking apps available to their customers by 2016 (https://www.gartner.com/newsroom/id/2758617), serving 1.75 billion users worldwide by 2019 (https://www.juniperresearch.com/press-release/digital-banking-pr1). With their prime focus on product interface and features, BFSI institutions put security in the back seat.

One of the prime issues, found in nearly 80% of these apps, was intent spoofing. Intent spoofing is an attack where a malicious application induces undesired behaviour by forging an intent. An example would be a malicious app launching the WebView of an application and injecting JavaScript to change the content of the view (if JavaScript has not been set to false in the WebView), thereby fooling users into submitting sensitive information to the hacker's server.

Wegilant has also launched a free Android app for consumers to address this problem. The Appvigil app is the first of its kind in the world, empowering users to identify which apps on their phone are hackable and can potentially compromise their data.

Wegilant has shared this report on their website https://appvigil.co. “The Mobile threat landscape is drastically changing by the day and this makes our task more and more challenging. Our goal is to secure all Indian Banks from Mobile banking frauds by 2016”, concludes Toshendra.