The security of mobile banking applications is being compromised by software installed by device makers and network operators, security firm MWR InfoSecurity warns.
An investigation by the firm’s research arm, MWR Labs, reveals that as many as 64% of manufacturer-added applications are exposing users to serious security issues, and that Android handsets are particularly at risk due to the sheer volume of devices now running the operating system.
Speaking on the final day of the Mobile World Congress, Harry Grobbelaar, MWR’s managing director for South Africa, said the problem will get worse as more Android device makers embed NFC in their smartphones. “[I]f the software in the phones is not secure, the risk will then be even higher.”
MWR notes that security vulnerabilities in manufacturer and carrier-added software could be targeted by malicious applications downloaded inadvertently by consumers. Those apps may then be able to access contacts, make and record calls, and open the door for further malicious apps to be downloaded to the device.
“The move by consumers away from PCs for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years,” Grobbelaar states.