Saturday, November 6, 2010

Security 101 Flaws in Mobile Banking Apps

It might be a new platform, but we seem to be repeating the same old flaws yet again.

WSJ.com - Banks Rush to Fix Security Flaws in Wireless Apps  

Poor decisions are being made in the fundamental security design of mobile banking applications. Think cleartext username and password stored on the client device.

This would be an obvious mistake in a normal web application, but the risk is magnified when we move from a model where clients use desktop/laptop computers to one where they use mobile devices, which are much more prone to being lost or stolen.


In our rush to get new apps to the market, let's not forget our basic security design principles.


-Michael Coates