Have the iOS Security Flaws Affected Mobile Self-Service Applications?

By Lisa Durant
On Feb 27, 2014
Thursday, February 27, 2014

Apple’s recent iOS and OS X security flaws have caused quite a stir; and, as a Mac and iPhone owner myself, I have certainly been following the situation closely. When I first heard about the security issue, which could allow someone to set up a fake SSL server to harvest private data like credit card information, my mind jumped to one thing: my mobile banking application and SMS/text message banking. 

Now, there is mixed information out there about whether this flaw might have affected mobile application traffic; I thought it was probably unlikely. But, this is my bank account we’re talking about. So, I quickly logged onto my bank’s website, where I was greeted with this message:

Apple Security Update Information

Ok, not as informative as I’d hoped. You’d think they would tell me outright if their applications/mobile banking had been affected! So, I navigated to their Facebook page (because, as I’ve said in the past, I usually go to social media first!) only to find a dozen or so posts about how online and mobile banking had inexplicably been down for days. So, now I’m getting worried!

Finally, I picked up the phone to ask an agent directly if the flaws affected the institution’s mobile banking application or SMS/text banking. The reply: “I haven’t heard anything about it.” What? You haven’t heard anything about a security flaw that’s been making headline news?

Fortunately, the agent was able to eventually get me an answer: “the security flaw has not affected the institution’s mobile application, text message banking, or online banking.” Whew!

I also contacted my cable company, mobile service provider, and insurance company to see if any of their mobile self-service applications have been affected: they claim there has been no impact. 

What is there to learn from this debacle? Well, the 20% of companies that, according to the Nemertes’ 2013-14 Enterprise Technology benchmark, are already engaging mobile applications and the 24% that are either evaluating or formally planning to add mobile engagement better have security at the forefront of their minds! And, for everyone’s sake, keep your agents and customers informed when well-publicized issues like this arise! “I haven’t heard anything about it” is not the answer anyone wants to hear when inquiring about the security of a mobile banking application.

Research Tracks: