Popular fintech apps expose valuable, exploitable secrets

2023-03-06 04:30

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov.

92% of the apps leaked valuable, exploitable secrets and 23% of the apps leaked extremely sensitive secrets.

"This research shows hardcoding sensitive data in mobile apps is widespread and a massive problem since secrets can easily be extracted. A simple automated scan can show any threat actor how well protected apps are at runtime. Unfortunately, financial apps fall short," Miracco added.

Crypto apps more likely to leak sensitive secrets None of the 650 apps "Ticked all the boxes" in terms of the three attack surfaces investigated.

Only four apps had runtime protection against channel MitM attacks and "Man-in-the-device." All were payment and transfer apps and none were in the U.S. In general, apps deployed in Europe were better protected than apps available only in the U.S., for immediate secret exposure and runtime protections.

Crypto apps were more likely to leak sensitive secrets as 36% immediately offered highly sensitive secrets when scanned.

News URL

https://www.helpnetsecurity.com/2023/03/06/financial-services-apps-vulnerabilities/

#fintech