Indian Overseas Bank Android App is Vulnerable To hackers:Report


In a new development, an Android app security company Appvigil is claiming that Chennai-based Indian Overseas Bank’s Android application might be vulnerable to being targeted by hackers. The security company has discovered a JavaScript Injection vulnerability also known as cross-scripting or XSS vulnerability, in the bank’s Android app.

Appvigil bases its allegations on a small experiment conducted by the company. “We decided to conduct a small experiment on the Android application of ‘Indian Overseas Bank’. We launched the application in an emulated local environment, accessing the WebView of the application and executed some JavaScript code in WebView that dynamically changed the ‘About Us’ page to a Login page. After this, a username and password were logged in which was accessible from outside the Android application,” the company said in a statement.

This was the Javascript interjected in the activity:
com.iob_phone.ui.IOBProductDetailActivitywith injection String: document.getElementsByTagName(‘body’)[0].setAttribute(‘style‘, ‘background-color: red’);

This experiment puts the limelight on a vulnerability that could prove to be extremely dangerous to the bank’s Android app users. If hackers perform a malware attack on the app, they could easily access and steal users netbanking usernames & passwords.

The app has 50,000 to 1,00,000 downloads on Google Play. It has 3,350 domestic branches and eight branches and offices overseas. The bank’s business touched Rs 4,20,739 crores for the quarter ending September 30, 2014. BGR India tried contacting Indian Overseas Bank for their response and will update the story if and when we hear from the bank.

The report further states that 70-80 percent of all Android apps are vulnerable to hacking today, as developers focus more on productivity and innovation, pushing their security concerns backstage. If you are an Indian Overseas Bank app user, you might want to uninstall the Android app and change your password just to be safe.



About prashant kumar

I m a tech savy person and i want discover more and more about mobiles and gadgets This is my passion.

Posted on March 9, 2015, in Appilication, Mobile and tagged , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: