A vulnerability in Android applications built on the Apache Cordova platform has sparked new fears over mobile banking.
If attacked, the hacker could steal enough banking details to perform transactions, including the withdrawal or transfer of funds from one bank account to another.
According to research by the IBM Security X-Force, nearly 6% of apps use this platform. Around 10% of the apps tested using Cordova were banking applications.
In a blog post, Roee Hay, lead of the application security research team at IBM, said millions of users of Android Cordova-based apps are at risk of having sensitive information, such as their login credentials, stolen, which would allow attackers to “impersonate them, access their accounts and even make purchases on their behalf”.
While the IBM Cyber Security Intelligence Index stated that 95% of successful attacks or security incidents were caused by human error, hackers continue to aggressively seek out such vulnerabilities to exploit.
IBM said that before publishing the security flaw, it privately took its concerns to the Cordova team, which has released patches in its latest version.
The digital identity firm found that 75% of those surveyed were concerned about data loss. They were also highly concerned that losing their phone would lead to identity theft.
Intercede found most consumers were unwilling to use mobile banking services at all. Consumers aged between 18 and 24 were found to be the least trusting of mobile banking services, with 60% of this age group refusing to make mobile payments and 52% claiming they would never use PayPal.
There is still a growing concern that people are lacking knowledge of mobile security. A number of those surveyed said they gave applications access to their data, 76% of participants allowed social media apps to stay logged in to accounts, while 60% used weak passwords that are easy to remember instead of keeping more complex ones.
Research carried out by software company Intelligent Environments found that 79% of 2,000 consumers questioned were prepared to replace passwords with biometric security.