Source: Information Security Buzz
Criminals can Brute Force or Intercept Credentials to Two in Three Remote Banking Applications
The total number of critical vulnerabilities in financial applications fell in 2016; however, the overall severity level of the identified vulnerabilities grew significantly. The most common vulnerabilities relate to flaws in mechanisms for identification, authentication, and authorization of users, with two in three remote banking applications vulnerable to brute force attacks. These are the findings detailed in a report, published today by Positive Technologies, of its financial application security assessments performed throughout 2016.
In 2016, online banking services grew in popularity thanks to contactless payment systems: PayPass and payWave were joined by NFC-based Apple Pay and Google Wallet on smartphones. However, the security of web and mobile banking has not kept up. These banking methods harbor the vulnerabilities and threats typically encountered in application development. The difference is that, in the case of banking applications, these vulnerabilities have serious consequences—theft, unauthorized access to client data and sensitive bank information, and significant reputational losses.
The assessment of banking applications in 2016 demonstrated that the share of critical vulnerabilities grew by 8%, and medium-severity vulnerabilities by 18%. Production systems had an average of twice as many vulnerabilities as those still in development. Applications developed by third-party vendors had on average twice as many vulnerabilities as applications developed in-house.
Most online banking applications (71%) contained flaws in their implementation of two-factor authentication. 33% of online banking…