C3Subtitles: 31c3: (In)Security of Mobile Banking

(In)Security of Mobile Banking


Video duration
This talk presents a deep analysis of banking mobile apps available in the world. Based on static and dynamic analysis as well as on the analysis of the final source code, we show that a vast majority of them are not respecting users' privacy and users' data protection. Worse, a few of them contain critical bugs.

Mobile banking is about to become the de facto standard for banking activities. Banking apps (on smartphones and tablets) are becoming more and more widespread, and this evolution aims at strongly limiting the classical access to the bank (physical, through PC browser, through ATM…). The aim is first to cut costs, but also to make the personal data explode.
Then three critical issues arise, since we entrust those mobile applications with passwords, private information, and access to one of the most critical parts of our life (money):
• Do those applications protect our private life, and in particular, what kind of information is leaking to the bank?
• Do they contain vulnerabilities that could be exploited by attackers?
In this talk, we are going to present a deep analysis of many banking apps collected in the world. We have performed static and dynamic analysis based on the binaries AND the source code. We will show that almost all apps are endangering our private data (sometimes severely), but in a few cases the presence of vulnerabilities is extremely concerning. While we tried to contact all the relevant banks to offer free, detailed technical feedback and to help them fix their apps, we will explain that a few of them did not care about this feedback and therefore did not want to take any security measure.
This talk contains demos and operational results on existing apps.

Talk ID
Saal 6
9:45 p.m.
Security & Hacking
Type of
Paul Irolla
Talk Slug & media link

English: Transcribed until

Last revision: 9 months, 1 week ago