Mobile banking may have made lives easier but think twice the next time you reach out for a smartphone to do a monetary transaction. Nearly 90% of all Indian mobile banking apps are vulnerable to security attacks and data leaks, a recent report by an IIT-Bombay start-up has found.
Mobile security company Wegilant analysed 100 top mobile banking apps in India and the Asia Pacific region using an automated tool for scanning security loopholes and found 983 different kinds of vulnerabilities in 70 of the apps. Out of these, 29 of 33 Indian banking apps were found to be exposed to spoofing and data leakage, indicating the insecurity of financial data.
“We found multiple security loopholes, even in premium apps. Most of the mobile banking apps failed and many didn’t employ even the basic security checks expected. The communication between the apps and their servers is still in the unencrypted format i.e. in HTTP instead of HTTPS,” said Toshendra Sharma, founder of Wegilant.
Indian Bank Association chairman TM Bhasin, however, refuted the charges, saying all banks took a lot of precautions and conducted several levels of checks.
“All banks spent a lot on technology; elaborate consultation and research take place and it is passed after being checked by the ministry of information and communication technology. There is no threat as such for the fact that till date not a single case of spoofing or phishing has been reported,” said Bhasin.
India has witnessed explosive growth in the number of mobile phone subscription in the past few years and is poised to cross the one billion mark by the end of the year.