Could customers be sitting on a security tinderbox while using mobile banking applications? Over 70% of apps from banks in the Asia-Pacific region are vulnerable to attack and data leaks on the Android operating system, says Wegilant, a mobile security company. Wegilant said that it had sampled the top 100 banks in the Asia-Pacific region, of which 33 were Indian banks, and that it found security vulnerabilities in 29 Indian banks' applications.

"Most of the mobile banking apps failed and many didn't employ even the basic security checks expected. The communication between the apps & their servers is still in the unencrypted format i.e. in HTTP instead of HTTPS," the report added.

Wegilant also says that most of the apps are vulnerable to security attacks, with 82% of apps carrying high-severity vulnerabilities and an average of 14 security bugs present per app. "Surprisingly, we found 5 mobile banking apps which had more than 50 security vulnerabilities in each of them," the report noted.

Wegilant also says that 38% of the apps had improper content permissions vulnerabilities, 33% of the apps had intent spoofing vulnerabilities and 22% of the apps were missing broadcaster permissions. Intent spoofing refers to an attack where malware induces undesired behaviour by forging an intent, fooling users into sharing their secure data with the hacker's servers.

Methodology of the security tests

Wegilant performed the security analysis on Appvigil, a security application the company developed, which requires only the…
