Leak in ING Mobile Banking app
A Dutch security researcher has found a communication error between Android smartphones and the bank was poorly protected The Mobile Banking app of the ING bank has been for months vulnerable to abuse.
Bart Jacobs, professor of Computer Security at the Radboud University, was surprised. "It's a disgrace that this error was made. This is a very basic security which is not thought of. This is why the ING in security circles laughed hard. " A bug in the app showed that the SSL certificate of the Bank can not be verified.
This makes the app not only business with ING, but possibly also with criminals. An internet browser shows just such control over a green closed padlock in the address bar. In their "three knocks" campaign, the banks ask their customers to always check. T
he Mobile Banking app ING did not own. Floor Terra, the first discoverer of the leak is not expected that ING would have forgotten this basic protection, but nothing was further from the truth. "I was shocked, the app ING did not check whether or not communicating with the bank.
An attacker can thus communication between the nest and amount or account number change. I then immediately contacted the ING. " Professor Jacobs: "That they have to discover. ING has its quality is not in order. I would worry about me when I'm in the management of ING would be.
With this kind of apps, banks have made concessions in favor of convenience. It would be better if banks there would be more transparent about. " ING after a conversation with Terra immediate action and a mandatory user of an Android phone to perform an update. Since 20 March, there is an update for iPhone users.
ING said its use of the Mobile Banking app is safe and that there is no leakage through fraud. ING Comment: Our customers can safely use the Mobile Banking App. Hundreds of thousands of customers make daily use of the app.
Both safety and ease of use so we do absolutely no concessions. Safety is a very high level. The app is tested and secured in many ways, not always fully visible to outside experts. Since its launch in November 2011 there are no instances of fraud detected. Of course we want it that way.
A team of specialists works every day to the further development of our services through the Mobile Banking App for safety and ease of use continue to operate.
In developing the app, we listen carefully to the users. We have received tips from customers to improve the app. Thus we have following these tips recently added the address book.
Also in the field of safety recommendations we get we explore and, where relevant to take over. We are very grateful for all our customers' valuable feedback and take this very seriously.