Virtually all banking web apps are vulnerable to hackers, study finds

Using a computer today feels a bit like walking through a minefield, at least when we are using one to access or share personal and sensitive information. That is particularly true for our financial information, where the wrong person getting access to our data could mean a whole lot of pain. According to a recent study, using our bank’s web application is one of the biggest mines that we probably don’t know about.

The news comes via security firm Positive Technologies, which looked at web application security in a recent report. The results are disturbing, to say the least, with every web application tested in 2017 having at least one vulnerability, and with 94 percent having at least one vulnerability that was characterized as “high-severity.”

According to Leigh-Anne Galloway, Positive Technologies’ cybersecurity resilience lead, “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”

The results were even worse when looking strictly at banking and finance web applications, which made up 46 percent of the test group. Every one of the banking and finance web applications covered in the report suffered from high-severity vulnerabilities. As the organization points out, these applications are also the most attractive to hackers and so their vulnerabilities are of particular concern.

Furthermore, the data shows that 87 percent of banking and government web applications are open to attacks against users, with cross-site scripting vulnerabilities present in 82 percent of the tested web applications. That makes them good targets for phishing attacks that can infect user PCs with malware.

Clearly, the banking industry has work to do to clean up its web applications. As always, the presence of these kinds of vulnerabilities serves as a reminder that we all need to be constantly vigilant in monitoring our financial data, because we never know which online transaction will be the one that opens us up to an attack.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…