It’s no secret that mobile finance and banking have grown in popularity over the past year, a rise that experts say is likely to remain well beyond the pandemic.
A new report from the digital rights management organization Intertrust, however, details how mobile finance apps remain incredibly vulnerable as this uptick in usage continues.
Intertrust’s 2021 State of Mobile Finance App Security Report shows that banks and financial companies aren’t always protecting their mobile customers from potential cyber crime. More than 80 percent of financial apps are actively leaking data, the report notes, and more than three-quarters of these apps have at least one critical vulnerability that could be exposed by hackers.
“As mobile finance apps increasingly enter people’s everyday lives, it’s vital to understand the security risks associated with these apps and the ways to help mitigate them,” said David Maher, Chief Technology Officer and Executive Vice President at Intertrust.
As noted in a separate report, phishing attempts jumped by 125 percent in 2020, as cyber criminals followed the digital crowds to focus on mobile banking apps.
The Intertrust report listed malware as the most common hacking threat to these financial apps. In 2020, more than 156,000 new trojan viruses were found on mobile banking apps, double the number detected the year prior.
Some malware attacks have even directly disguised themselves as COVID-19 contact tracing apps. When downloaded to a phone, they can take a user’s personal banking information.
Other popular hacking methods have centered on cryptocurrency apps and accounts, according to the report. Hackers have propped up apparent cryptocurrency converters on the official Android and Apple app stores that spread the Cerberus trojan malware when downloaded, which is able to steal banking info, secretly surveil phones and intercept communications. Experts say hundreds of these phony cryptocurrency apps have popped up recently in an effort to steal financial info.
Intertrust also put itself into the never-ending battle of Android vs. Apple, finding that 70 percent of finance apps on Apple’s iOS have at least one critical vulnerability. On Android, by comparison, 84 percent of such apps were critically vulnerable in at least one area.
Insecure data storage, insufficient cryptography and insecure communication were among the most common security flaws across both operating systems.
Mobile app security also varies widely by region. About one in every five U.S. finance apps had more than 10 vulnerabilities, per the report. The United Kingdom had the best ranking in cybersecurity when it came to its banking apps. A mere 7 percent of UK financial apps had more than 10 vulnerabilities.
Forty-nine percent of all payment apps have encryption key extraction vulnerabilities. That means that nearly half of all finance apps studied can potentially be hacked by cybercriminals and leave confidential payment information exposed.
Among the types of finance apps that are most vulnerable to cyberattacks, banking apps generally have the most flaws in their security frameworks, according to Intertrust. The report found more vulnerabilities in banking platforms than on apps for payments, investments or lending. Thirty-five percent of banking apps had more than 10 vulnerabilities and 81 percent had at least one critical security flaw. The most secure of these platforms were lending apps, largely because they are more limited in scope than traditional banking apps.
Intertrust also listed recommendations for software developers who work with mobile apps in the financial services industry. These recommendations include not storing sensitive data in insecure locations where it remains vulnerable to cybercrime. Instead, information should be protected using secure encryption tech or using strong data obfuscation technologies.
“Poor financial app security puts both financial organizations and their customers at risk, especially given the rise in cyberattacks over the course of the pandemic,” Maher said. “This report shines a light on the ongoing threats and helps finance app vendors understand the importance of building in security mechanisms from day one.”
You can check out the full Intertrust 2021 State of Mobile Finance App Security Report here.
Disclosure: This article mentions a client of an Espacio portfolio company.