PAY-3 · Mobile Threat Catalogue

Software vulnerabilities in bank payment application

Threat Category: Application-based

ID: PAY-3

Threat Description:

Threat Origin

The most dangerous code in the world: validating SSL certificates in non-browser software [1]

Exploit Examples

Not Applicable

CVE Examples

Possible Countermeasures

Mobile Device User

Carefully weigh the risks of using third-party mobile banking apps over more mature technologies, such as online transactions via web browsers, which may undergo more rigorous evaluation and benefit from more rapid deployment of security updates.

Consider the use of pre-paid credit card services for payment apps to limit the potential financial harm an attacker can cause by placing charges against the linked account.

Enterprise

Carefully weigh the risks of using third-party mobile banking apps over more mature technologies, such as online transactions via web browsers, which may undergo more rigorous evaluation and benefit from more rapid deployment of security updates.

Consider the use of pre-paid credit card services for payment apps to limit the potential financial harm an attacker can cause by placing charges against the linked account.

References

  1. M. Georgiev et al., “The most dangerous code in the world: validating SSL certificates in non-browser software,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012, pp. 38-49; http://dx.doi.org/10.1145/2382196.2382204 [accessed 8/24/2016]