A report from security assessment firm IOActive suggests that most mobile banking apps for iPhone and iPad are full of flaws.
IOActive researcher Ariel Sanchez recently studied the security features of 40 mobile banking apps for iOS, including the apps used by some of the world's leading financial institutions.
Attacks at the coffee shop?
These attacks are more likely to happen on untrusted networks like WiFi hotspots, which makes mobile banking from public locations like coffee shops less of a convenience and more of a nightmare waiting to happen.
In his blog post, Sanchez notes that phishing attacks that utilize cross-site scripting have become very popular lately, often resulting in the theft of a victim's login credentials. In a typical attack, the user might be asked to re-enter his or her username and password "because the online banking session has expired." Such an attack can give cybercriminals full access to a customer's bank accounts.
Sanchez offered some recommendations for developers of mobile banking apps to consider in the future. These include tightening the security of transfer protocols for all connections made, enforcing SSL certificate checks by the client application, encrypting data using iOS's own data protection and removing all development code from the released application.