Android banking apps vulnerable to cash theft by CAS hole hackers

Hackers can swipe login credentials and other sensitive data from one in 10 Android banking apps, and about six per cent of all Android apps, IBM researchers warn. Users should avoid using the vulnerable apps, which were built using Apache Cordova up to version 3.5.0, until they have been updated to squash the bug. Big Blue's …

  1. Cookieninja

    Doh!

    Of all the businesses in the world, you'd think the money men would be the best at cracking the concept of building a secure well-tested application.

    1. Shady

      Not really...

      ... because it's not guarding THEIR money

  2. Vector

    Is there a list?

    "Users should avoid using the vulnerable apps, which were built using Apache Cordova up to version 3.5.0, until they have been updated to squash the bug."

    Why certainly, I'll get right on that. Which apps would those be again? So sorry that I don't know precisely what frameworks have been used to develop what apps on my phone...

    Reports like these are great for FUD, but not so great for solutions.

    1. Cliff

      Re: Is there a list?

      To be on the safe side, uninstall all your apps.

      Then turn off your phone.

  3. Nate Amsden

    fixed already

    Deleted all the banking apps on my Android phone. Didn't trust them anyway; if anything, maybe, maybe I'll use Firefox to access the web UI, but haven't even done that (on phone anyway).

  4. Metrognome

    Don't be a luddite

    A little smart design goes a long way.

    I have been a happy user of UBS's app for ages and never had a problem and very unlikely will have one either because of a few simple steps:

    1) Username/Password only allows you to view details and take no action

    2) Username/Password AND physical NFC card AND its PIN allow ordinary banking transactions (bill payment, acct transfers, payment to known parties)

    3) Any fresh payment to an unknown party or account cannot be enacted by the app but can only be keyed in and in waiting. Final authorisation must come either via e-banking or at an ATM or in person. Hence money transfer to first time accounts is impossible under all scenarios using the app. Needless to say that the authorisation also requires a combo of the card, its PIN, a unique series of digits and access to one's e-banking account on the web.

    If ALL the above fail, I still only expose my current/regular accounts there that never seem to have too much money anyway. All of the other accounts are not ebanking enabled and only accept deposits, not withdrawals.

    No need to forgo convenience for the sake of a little forethought.

  5. Bonce

    I assume that ALL data on my smartphone is compromised

    And simply ignore all the suggestions from my bank that I install their "easy to use" app.

    Slightly more peace of mind that way.
