The apps of these major banks were just found to have security flaws

Your banking app may not be as safe as you think it is.

Three researchers created a tool to check the security of 400 different apps that require high levels of security, including apps for banking, trading, accessing cryptocurrency and browsing the internet securely.

Nine apps showed the same type of vulnerability, including the apps for HSBC and Bank of America Health — the health savings account website and app for Bank of America. The researchers, from the University of Birmingham in the U.K., revealed the results in a paper at a security conference in Orlando, Fla., on Wednesday.

That vulnerability became apparent during the app’s verification process called “certificate pinning,” said Chris McMahon Stone, one of the researchers. This flaw “was quite subtle and not easy to detect,” he said.

The vulnerable apps were not secure enough and potentially could allow attackers to get the user’s username and password during this certification process. Many websites and apps use certificate services that help them identify their users, he said. The researchers alerted the banks to the flaw, and they have since repaired their apps, he said.

“We thank the University of Birmingham for the opportunity to work together, and we have already taken steps to address this,” said a spokesman for HSBC. “Our mobile banking app uses the highest level of encryption and security to protect our customers and their financial details, and we constantly review and improve our security measures to ensure we keep our customers’ money and personal details as safe as possible.”

Bank of America did not immediately return MarketWatch’s request for comment.

The researchers also found a vulnerability for a “phishing” attack in the apps for banks including Santander, they said. That flaw would allow an attacker to take over part of the user’s screen while they enter their credentials in the app, so they could try to find the credentials and take over the victim’s account. They also worked with those banks to repair the issue, and the apps are now secure, Stone added.

Santander did not immediately return MarketWatch’s request for comment.

Many apps are vulnerable to attacks, not just those used for banking, said Eric Cole, the former cybersecurity chief for President Barack Obama. Attackers can find sensitive information such as log-in credentials at any time if they are successful in taking over a device, he said. That’s why consumers must be careful when clicking on links and opening attachments from anyone they don’t know, as these could be malicious.

One way to reduce the likelihood of hacking: Always have the latest version of a bank’s mobile app with the most up-to-date security features. Consumers should never access their bank’s app on public Wi-Fi networks, Stone added.

And don’t download unfamiliar apps, which are likely even more vulnerable than those from reputable institutions like banks, said Adam Levin, the chairman and founder of security firm CyberScout and the author of “Swiped.” Sign up for alerts on banking and credit accounts, he said, to keep track of any suspicious activity in real time.

© 2018 Stock Investors News. All rights reserved.