On the heels of the news of PayPal’s vulnerable iPhone application, The Wall Street Journal broke news of additional vulnerabilities in other major financial institutions’ smart phone applications. These security flaws were uncovered by computer and mobile forensics firm, viaForensics, who tested smart phone applications from Bank Of America, Chase, TD Ameritrade, USAA, Wells Fargo and Vanguard, in addition to PayPal.
viaForensics has been communicating and coordinating with the financial institutions to address the flaws. Most of the institutions were able to quickly resolve the issues and release new versions of their applications.
viaForensics has retested the applications as of November 3, 2010 and released the results through appWatchdog, their powerful free service which tests publicly available mobile applications for insecure transmissions or storage of sensitive user data. The service measures such factors as how securely the app handles user names and passwords. If not handled properly, security lapses can place the user at risk for data and financial theft. A deeper audit is offered through appSecure, which provides sophisticated security testing and recommendations for securing the app.
Information on viaForensics’ services can be found on their website at viaforensics.com.
The Wall Street Journal story, “Banks Rush to Fix Security Flaws in Wireless Apps,” can be found at online.wsj.com/.
viaForensics (viaforensics.com) is an innovative computer/mobile security firm providing expert mobile forensics and mobile data recovery services to law enforcement, corporations, attorneys and others. Additionally, viaForensics offers liveForensics, which provides continuous forensic monitoring of critical systems and a risk alert dashboard.
Andrew Hoog is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics. He is currently writing books on iPhone and Android forensics, which are set to be released in early 2011.