Banking apps for mobile devices are increasing in popularity. Estimates by the financial-services firm TowerGroup suggest there will be 53 million people using mobile-banking apps by 2013.
There are however many security advocates who have concerns about the whole question of apps. Spencer Ante of the Wall Street Journal raises a warning in: “Banks Rush to Fix Security Flaws in Wireless Apps.” Here is the lead paragraph:
“A number of top financial companies and banks such as Wells Fargo, Bank of America and USAA are rushing out updates to fix security flaws in wireless-banking applications that could allow a computer criminal to obtain sensitive data like usernames, passwords, and financial information.”
The same article mentions viaForensics, a company specializing in securing mobile applications, as the firm discovering the vulnerabilities. The question is, why is this even happening? It is not complicated. Our banking credentials should be considered sacred, period.
On a good note, viaForensic’s web site mentions their researchers are working with the affected financial institutions: “Since Monday (1 November), we have been communicating and coordinating with the financial institutions to eliminate the flaws.“
The blog post goes on to say: “Since that time, several of the institutions have released new versions and we will post updated findings shortly”.
In the quote, viaForensics mentioned publishing new test results. That refers to their online service called appWatchdog.
Within days and to their credit, most of the banking firms pushed out updates to remove the vulnerabilities.