Indian Overseas Bank App under Radar of Cyber Criminals

New Delhi, India, March 5, 2015: Indian Overseas Bank (IOB) is a major bank in India with about 3350 domestic branches and eight branches and offices overseas. The net profit for the quarter ended 30 June 2014 stood at INR 272 Crores. The Business touched INR 4,20,739 Crores (YoY Growth 8.16%) for the quarter ended 30 September 2014. The Indian Overseas Bank Android app has 50,000 to 1,00,000 downloads on Google Play. Appvigil, a cloud-based Android app security scanner, discovered a JavaScript injection vulnerability, also known as a cross-site scripting or XSS vulnerability, in the Indian Overseas Bank Android app.

https://www.youtube.com/watch?v=yhm0VN98gZk

The report clearly listed all the vulnerabilities along with the activities in which they were present. Based on this, AppVigil decided to conduct a small experiment on the Android application of ‘Indian Overseas Bank’. They launched the application in an emulated local environment, accessed the WebView of the application, and executed some JavaScript code in the WebView that dynamically changed the ‘About Us’ page to a Login page. After this, a username and password were entered, and they were accessible from outside the Android application.

This vulnerability will become really dangerous for IOB Android app users if malware with full permissions performs this attack on the app on the same device and steals users’ net banking usernames and passwords.

© Technuter.com News Service
