(In)secure iOS Mobile Banking Apps – 2015 Edition
Two years ago, I decided to conduct research in order to obtain a global view of the state of security of mobile banking apps from some important banks. In this blog post, I will present my latest results to show how the security of the same mobile banking apps has evolved.
Silly Bugs That Can Compromise Your Social Media Life
A few months ago while I was playing with my smartphone, I decided to intercept traffic to see what it was sending. The first thing that caught my attention was the iOS Instagram app. For some reason, the app sent a request using a Facebook access token through an HTTP plain-text communication. Here is the original request that I intercepted from the Instagram app: POST /api/v1/fb/find/?include=extra_display_name HTTP/1.1 Host: instagram.com Proxy-Connection: keep-alive Accept: */* Accept-Encoding: gzip, deflate Content-Length: 337 Content-Type: multipart/form-data; boundary=Boundary+0xAbCdEfGbOuNdArY Accept-Language: en;q=1, es-MX;q=0.9, fr;q=0.8, de;q=0.7, zh-Hans;q=0.6,…
Personal banking apps leak info through phone
For several years I have been reading about flaws in home banking apps, but I was skeptical. To be honest, when I started this research I was not expecting to find any significant results. The goal was to perform a black box and static analysis of worldwide mobile home banking apps. The research used iPhone/iPad devices to test a total of 40 home banking apps from the top 60 most influential banks in the world.