wordpress blog stats
Connect with us

Hi, what are you looking for?

29 mobile banking apps in India are vulnerable to attacks, says Wegilant report

Could customers be sitting on a security tinderbox while using mobile banking applications? Over 70% of apps from banks in the Asia-Pacific region are vulnerable to attack and data leaks on the Android operating system, says Wegilant a mobile security company. Wegilant said that it had sampled the top 100 banks in the Asia-Pacific region, of which 33 were Indian banks and the company found security vulnerabilities in 29 Indian banks’ applications. *

“Most of the mobile banking apps failed and many didn’t employ even the basic security checks expected. The communication between the apps & their servers is still in the unencrypted format i.e. in HTTP instead of HTTPS,” the report added.

Wegilant also says that most of the apps are vulnerable to security attacks with 82% apps carrying high severity vulnerabilities in them and that on an average, 14 security bugs per app are present. “Surprisingly, we found 5 mobile banking apps which had more than 50 security vulnerabilities in each of them,” the report noted. Wegilant also says that 38% of the apps had improper content permissions vulnerabilities, 33% of the apps had an intent spoofing vulnerabilities and 22% of the apps were missing broadcaster permissions in them.

Intent spoofing refers to an attack where a malware induces undesired behaviour by forging an intent, fooling users into sharing their secure data with the hacker’s servers.

bank app security 1

bank app security 2

bank app security 3

 

Methodology of the security tests

Wegilant performed the security analysis on Appvigil, a security application the company developed, which requires only the executable .APK file of an Android app and sourced them from the Google Play store. The app performed a static analysis where it examines the bytecode structure of the app to look for any vulnerable connection and patterns. Then it performs a dynamic analysis where the run time behaviour of the apps was tested against the vulnerabilities in an emulated environment.

Indian Overseas Bank mobile app test 

Earlier in March, Wegilant had conducted a test on an informational application of Indian Overseas Bank and had found some security vulnerabilities. However, the company clarified on its blog that the app used was not the official net banking app of Indian Overseas Bank. It further mentions that IOB users that the said vulnerability was not found in the net banking app of IOB and that they are safe.

*Update: There was some discrepancy in the number of Indian banks applications which had security vulnerabilities. AppVigil gave us some clarity in terms of absolute numbers. The headline reflects the same.

You May Also Like

News

The Indian government has amended the internet shutdown rules, formally known as the Temporary Suspension of Telecom Services Rules, to restrict the validity of...

News

The National Payments Corporation of India (NPCI) plans to diversify its shareholding by on-boarding 131 new partners and raise ₹81.64 crore in equity share...

News

Unified Payment Interface (UPI) payment volumes increased by 15.1% to 2.07 billion in October 2020 over the previous month, per data published by the...

News

In the wake of the Covid-19 pandemic, Axis Bank Ltd’s digital channels have aided the private bank’s deposit and retail lending business. According to...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ