Of all the mobile apps out there your personal banking app is likely to be the most secure, right? Wrong! A researcher recently discovered several security vulnerabilities in 40 personal banking apps from 60 of the world's biggest banks.
The research also found that almost half of the apps tested do not validate the authenticity of the SSL Certificates being presented.
According to a recent article posted on the , Ariel Sanchez from IOActive found that 90% of the apps contain non-SSL links.
"Home banking apps that have been adapted for mobile devices, such as smart phones and tablets, have created a significant security challenge for worldwide financial firms." -Ariel Sanchez, IOActive
All SSL is not the same. SSL is critical when making a secured connection. But a secure connection to a bad actor does you no good. When connecting securely to exchange login credentials, payment information, or private information, it's critical that you make a secured connection to someone you trust. Cheap SSL Certificates enable privacy, but offer no authentication that the organization on the other end is who they claim to be.
Hackers can obtain SSL Certificates, but high assurance Certificate Authorities like ¶ºÒõ¹Ý only issue SSL Certificates to parties that undergo identify verification. That means that when you see a ¶ºÒõ¹Ý certificate, you can be sure that the bank you're working with is really the bank you expect it to be, not a hacker with a phishing web site.
Validated SSL Certificates, especially Extended Validation or EV SSL Certificates with the green bar provide trust when creating a connection online. Secure SSL is more than just encryption, SSL done right means online trust.
Sanchez recommends that affected financial institutions take the following precautions:
The next time you're presented with a $20 Cheap SSL Certificate, remember the adage "you get what you pay for". Authentication and trust matter, are you willing to put your organization's reputation at risk and putÌýcustomer data at risk?
Choosing the right SSL is first step in the process, followed by ensuring that connections are secured and that sensitive data stored is protected. Learn more about andÌýkeep your information safe.