SSL security vulnerability reported in Simple banking app

Security requires eternal vigilance, and we're reminded of that once again today by Nick Arnott who went poking around the Simple banking app for iPhone and discovered what looks to be an SSL vulnerability. Arnott describes the issue on his website, Neglected Potential.

The first thing that jumps out is the request to when you sign in to your account. Included in the request are your plaintext username and plaintext passphrase. The request is sent over SSL, but this doesn’t gaurantee security and when dealing with such sensitive data, more security measures should be taken.

Arnott points out that Simple isn't doing anything here that many other banks aren't also guilty of, but that just makes the problem bigger, not more excusable. Read the full story on his site, linked below.

Source: Neglected Potential

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Samsung facing EU complaint, Apple patent rejected

Next up →

Google updates Chrome for iOS to fix audio bug

Reader comments

SSL security vulnerability reported in Simple banking app


LOL at how much iOS related security is such a hot item! *blink*

This is actually important people. Just sayin'