By Elinor Mills
November 4, 2010
A security firm disclosed holes today in mobile apps from Bank of
America, USAA, Chase, Wells Fargo and TD Ameritrade, prompting a
scramble by most of the companies to update the apps.
"Since Monday (11/01/2010), we have been communicating and coordinating
with the financial institutions to eliminate the flaws," research firm
viaForensics wrote in a post on its site. "The findings we published
reflect testing completed on 11/03/2010. Since that time, several of the
institutions have released new versions and we will post updated
The company had reported its findings to The Wall Street Journal earlier
in the day. Yesterday, viaForensics went public with problems in
PayPal's iPhone app, spurring the online payment provider to action.
Specifically, viaForensics concluded that: USAA's Android app stored
copies of Web pages a user visited on the phone; TD Ameritrade's iPhone
and Android apps stored the user name in plain text on the phone;
Wells Fargo's Android app stored user name, password, and account data
in plain text on the phone; Bank of America's Android app saved a
security question (used if a user was accessing the site from an
unrecognized device) in plain text on the phone; and Chase's iPhone app
stored the user name on the phone if the user chose that option, according
to the report.