Holey mobile bank apps!
Today the security research firm viaForensics disclosed security “holes” in mobile bank applications from Bank of America, USAA, Wells Fargo, Chase, and TD Ameritrade. Communications between viaForensics and the financial institutions have occurred since November 1, 2010, and the findings reflect testing that was completed on November 3. viaForensics will post updated findings, since several of the financial institutions have since released new versions of the apps.
The company reported its findings to The Wall Street Journal earlier today, and then posted them on its site. Yesterday, viaForensics wrote about problems with PayPal’s iPhone app, and PayPal pushed out a fix.
Specific flaws in the wireless apps cited by viaForensics were summarized by CNET’s Elinor Mills:
“Specifically, viaForensics concluded that: the USAA’s Android app stored copies of Web pages a user visited on the phone; TD Ameritrade’s iPhone and Android apps were storing the user name in plain text on the phone; Wells Fargo’s Android app stored user name, password, and account data in plain text on the phone; Bank of America’s Android app saves a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone; and Chase’s iPhone app stores the username on a phone if the user chose that option, according to the report.”
The iPhone apps from USAA, Bank of America, Wells Fargo, and Vanguard, and PayPal’s Android app, all passed the security tests.
The responses of financial institutions to the disclosures are given in the CNET article.
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
©2010 William F. Hackett. All Rights Reserved.