Digital Media Net - Your Gateway To Digital media Creation. News and information on Digital Video, VR, Animation, Visual Effects, Mac Based media. Post Production, CAD, Sound and Music
Inadequate Protection of API Keys at Runtime Places Consumer Data and Treasure at Sharp Risk. Stolen API Keys Can be Used to Steal Personal and Financial Data.
PALO ALTO, Calif.–(BUSINESS WIRE)–#APIs—Approov, the end-to-end mobile security provider, today issued findings showing that 92% of the most popular banking and financial services apps contain easy-to-extract secrets such as API keys, which could be used in scripts and bots to attack APIs and steal data, devastating consumers and the institutions they trust.
The Approov Mobile Threat Lab downloaded, decoded and scanned the top 200 financial services apps in the U.S., U.K., France and Germany from the Google Play Store, investigating a total of 650 unique apps. Ninety two percent of the apps leaked valuable, exploitable secrets and twenty three percent of the apps leaked extremely sensitive secrets.
As well as immediately exposing secrets, scans also indicated two critical runtime attack surfaces that could be used to steal API keys at runtime. Only 5% of the apps had good defenses against runtime attacks manipulating the device environment and only 4% were well protected against Man-in-the-Middle (MitM) attacks at run-time.
“Have we all unknowingly become beta-testers for financial services apps? Is this putting our personal finances at risk? Continuing news about breaches seems to indicate this is the case and it is unacceptable!” said Approov CEO Ted Miracco.
“This research shows hardcoding sensitive data in mobile apps is widespread and a massive problem since secrets can easily be extracted. A simple automated scan can show any threat actor how well protected apps are at runtime. Unfortunately, financial apps fall short,” Miracco added.
Other findings:
The Approov Mobile Threat Lab report is available here (https://info.approov.io/secret-report).
The report explains the approach and provides detailed findings. Using this report, financial services teams can replicate tests performed and check the security of their apps without delay.
About Approov
Approov is considered a cornerstone of mobile application security for leading global organizations whose consumer and B2B applications are used by millions annually, including eCommerce, financial services, healthcare and connected car sector organizations.
Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android. Mobile apps have become a critical element for every business and unfortunately can expose organizations to breaches, fraud, denial of service, and other forms of API abuse. Approov immediately stops any automated tools or compromised apps from manipulating any part of the end-to-end mobile platform, turning away unauthorized access attempts by scripts, bots and fake or tampered apps.
By eliminating false positives and providing runtime application self-protection (RASP) as well as just-in-time-management of API keys, secrets and certificates, Approov delivers both exceptional operational convenience and highly robust security at scale.
Contacts
Engage with Approov:
Website: https://www.approov.io/
Twitter: @approov_io
Media Contact:
Dan Chmielewski
Madison Alexander PR, Inc.
949-231-2965
dchm@madisonalexanderpr.com
NEW DELHI, Dec. 21, 2024 /PRNewswire/ -- Appy Pie Design, a leading No-code AI Design…
Montreal-based Thought Technology Ltd wraps up its 50th year in business providing psychophysiological instrumentation to…
RIYADH, Saudia Arabia, Dec. 20, 2024 /PRNewswire/ -- Impossible Creative debuted innovative immersive storytelling technology…
The Jim & Linda Lee Performing Arts Center, Northern Arizona’s premiere entertainment venue, has installed…
Perfect Corp. will showcase AI-powered solutions and discuss the future of personalized consumer experiences at…