The Devil in the Details: Vulnerabilities in 30 Financial Services Mobile Apps

New research by Aite Group identifies vulnerabilities in 30 financial institution (FI) mobile apps, revealing a widespread absence of application security

Boston, MA (Apr. 4, 2019) – When a financial institution’s mobile app can be decompiled, adversaries can access sensitive information inside the source code, which may lead to a range of exploits against the FI or its customers. And there is no shortage of evidence that hackers are actively seeking to leverage those vulnerabilities. Application shielding as well as threat detection and response can strengthen the security of mobile apps, but if financial services companies fail to apply these technologies to their apps, they leave a monumental attack surface exposed.

Aite Group’s latest report, The Devil in the Details: The Vulnerabilities in 30 Financial Services Mobile Apps, highlights the findings from a research campaign that Aite Group conducted over a six-week period to analyze FIs’ mobile apps.

“Despite the growing threat of bad actors targeting FIs through targeted apps and malware, FIs are still failing to write secure code and apply adequate application security technology, such as app shielding with code obfuscation, encryption, and threat analytics capabilities, to their mobile apps,” explains Alissa Knight, senior analyst at Aite Group.

This report analyzes the perceived security of FIs’ mobile apps across every vertical in financial services. To conduct this research, Aite Group decompiled the mobile applications of 30 FIs over a six-week period, and the report details the specific vulnerabilities and consequences, accentuating the prodigious size of this problem.

Types of vulnerabilities in financial institutions' mobile apps (Aite Group)


This 21-page Impact Report contains eight figures and three tables. This report mentions [24]7.ai, Aptoide, Buffer, Google, the Internal Revenue Service, Instagram, McDonald’s, Microsoft, Panera Bread, PayPal, PortSwigger, Rakuten, Salesforce, Facebook, Snap, T-Mobile, TutuApp, TweakBox, Twitter, and WhatsApp.

Click here for the online report summary or to download the table of contents. Clients of Aite Group’s Life Insurance service can download this report, the corresponding charts, and the Executive Impact Deck.

About Aite Group

Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on the financial services industry. With expertise in banking, payments, insurance, wealth management, and the capital markets, we guide financial institutions, technology providers, and consulting firms worldwide. We partner with our clients, revealing their blind spots and delivering insights to make their businesses smarter and stronger. Visit us at www.aitegroup.com.

Source: Aite Group
