
90% of Mobile Banking Apps are Vulnerable

Posted Date: July 4, 2014

Consider this scenario: it is Saturday morning, the beginning of your weekend, and you are lazing about and enjoying a hot cup of tea… and along comes your better half with a list of bills to pay and grocery and clothes shopping for you to finish! Is your weekend ruined? Not really, because your handy smartphone, with its many useful applications, lets you finish all these tasks online within minutes… but were your transactions secure? 90% of the top mobile banking applications have been found to have serious security flaws. As per the Consumers and Mobile Financial Services 2014, mobile usage saw a huge increase in 2013, with 87% of the US population registering as mobile users, out of which 61% used smartphones. But only 45% of these were comfortable using their phones for financial transactions, due to the fear of phone hacking or of their apps being infected by malware/viruses. Securing your mobile applications is no longer an option but a necessity.

Recent threats to mobile applications

Unfortunately, their fear is not baseless. HijackRAT, a recently discovered malicious Android application, is the latest in the list of OS malware targeting mobile banking users. This newest entrant binds together old and new hijacking techniques into a single piece of advanced malware and masks itself as a “Google Service Framework.” It combines private data theft, banking credential theft and spoofing, and remote access in a single unit, as opposed to traditional malware, which can perform only one of these functions.

HijackRAT Malware’s features

This highly advanced malware hands control of the infected device over to the hackers and:

  1. Hijacks SMS messages and contacts: it can retrieve and send them
  2. Activates installation and updates of malicious applications
  3. Scans the infected device for legitimate banking applications and replaces them with fake ones.

The presence of such malware acts as a deterrent for mobile users. Concern over the security of the technology is high amongst them, and a mere 2% believe that mobile banking is “very safe”.
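The capabilities listed above depend on permissions an app has to declare, so a decoded manifest can be triaged before installation or during app vetting. The following is an added example, not code from the original article: the mapping of capabilities to Android permissions and both sample manifests are assumptions constructed for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities in the list above to Android permissions.
CAPABILITY_PERMS = {
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"},
    "app_install": {"android.permission.INSTALL_PACKAGES",
                    "android.permission.REQUEST_INSTALL_PACKAGES"},
}

# Constructed manifests (decoded text XML), not taken from any real app.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)
            if el.get(ANDROID_NS + "name")}

def audit(manifest_xml):
    """Return (level, hits): which sensitive capability groups the app requests."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMS.items() if perms & wanted}
    # One group alone is common; two or more together deserve a closer look.
    level = "high" if len(hits) >= 2 else "review" if hits else "ok"
    return level, hits

if __name__ == "__main__":
    print(audit(SUSPECT_MANIFEST))
    print(audit(BENIGN_MANIFEST))
```

A "high" result is a prompt for manual review, not a malware verdict: legitimate messaging apps request the same groups.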

Can you be mobile as well as secure?

Being aware of the different mobile security issues can help you look for solutions that can prevent them. The most common ways in which a device gets infected with malware are bad apps, malicious websites, fake links on social network sites, spurious messages and insecure network connections. Simple steps can protect you against malware:

  1. Be careful where you download apps from. Applications should be downloaded only from official app stores.
  2. When downloading an app, read the permissions it requires you to accept, as many apps will ask to access your address book and share it with third parties. It’s best to avoid such apps.
  3. Be careful of typing errors on your phone. You can fall victim to URL hijacking, e.g. by typing www.adcbank.com instead of abcbank.com. (Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting that relies on mistakes, such as typographical errors, made by users when entering a website address; cyber criminals take advantage of these mistakes to take you to a malicious website.)
  4. When surfing the internet, do not click on suspicious links, especially while visiting social networks, where enticing links to certain videos may lure you to a malicious page.
  5. Never respond to a message on your phone that comes from an unknown number. Delete such messages and do not click on any included links.
  6. Free Wi-Fi… yes, please! The prospect of using a freely available hotspot at a public place is very tempting, but an insecure network that transmits your data without encryption will definitely put your device at risk. Data transmitted in such a manner can easily be accessed by a cybercriminal, and your passwords and personal information will all be at his/her mercy.
  7. For enterprises: Mobile application security is of paramount importance. Sign up with a comprehensive mobile application security penetration testing solution, which will scan and protect your applications from malware and vulnerabilities. This will ensure that you are notified of any malicious element lurking in your apps before it harms your customers’ data.
  8. For consumers: Ensure that the apps that your bank or e-commerce vendor provides to you are properly tested and secure. Install software updates from your OS provider in a timely manner.


Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.
