Software : Most iPhone banking apps vulnerable to hacking |
Most iPhone banking apps vulnerable to hacking Posted: A report from security assessment firm IOActive suggests that most mobile banking apps for iPhone and iPad are full of flaws. IOActive researcher Ariel Sanchez recently studied the security features of 40 mobile banking apps for iOS, including the apps used by some of the world's leading financial institutions. All of the apps that Sanchez tested could be installed and run on jailbroken devices, which have been modified by the user to accept apps unauthorized by Apple. Running an app on a jailbroken device lets attackers circumvent the security features built into iOS and access the restricted resources of other apps on a user's device. In an IOActive blog post outlining his research, Sanchez noted that 40 per cent of the apps tested had compromised transport mechanisms and 90 per cent had non-SSL links. This leaves app users susceptible to 'man-in-the-middle' attacks. In such attacks, users may be redirected to malicious sites where their login information can be stolen. Attacks at the coffee shop?These attacks are more likely to happen on untrusted networks like WiFi hotspots, which makes mobile banking from public locations like coffee shops less of a convenience and more of a nightmare waiting to happen. In his blog post, Sanchez notes that phishing attacks that utilize cross-site scripting have become very popular lately, often resulting in the theft of a victim's login credentials. In a typical attack, the user might be asked to re-enter his or her username and password "because the online banking session has expired." Such an attack can give cybercriminals full access to a customer's bank accounts. Sanchez offered some recommendations for developers of mobile banking apps to consider in the future. These include tightening the security of transfer protocols for all connections made, enforcing SSL certificate checks by the client application, encrypting data using iOS's own data protection and removing all development code from the released application. |
Snapchat is sorry again, this time for an explosion in 'Snap Spam' Posted: Another day, and another case of 'SNAFU' at Snapchat. This time the company is eating humble pie for the large number of spam messages received by some users over the weekend. The messaging service is adamant that the rise in spam has nothing to do with the recent breach that saw 4.6m user account details posted online, but more to do with more traditional spam suffered by all popular social services. "We've heard some complaints over the weekend about an increase in Snap Spam on our service," the company wrote on its official blog. "We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue. As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays." More negativityFollowing the PR disaster it experienced during Christmas, Snapchat would have hoped for a few weeks where it avoided any negative press. The company has, at least, apologised this time, but still intimated the instance of spam was more down to how popular the service was becoming, rather than through any fault of its own. Team Snapchat added: "While we expect to minimize spam, it is the consequence of a quickly growing service. To help prevent spam from entering your feed, you can adjust your settings to determine who can send you Snaps. We recommend "Only My Friends" :)" |
You are subscribed to email updates from TechRadar: All latest Applications news feeds To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google Inc., 20 West Kinzie, Chicago IL USA 60610 |
No comments:
Post a Comment