SSL security vulnerability reported in Simple banking app

Security requires eternal vigilance, and we're reminded of that once again today by Nick Arnott who went poking around the Simple banking app for iPhone and discovered what looks to be an SSL vulnerability. Arnott describes the issue on his website, Neglected Potential.

The first thing that jumps out is the request to https://api.simple.com/user-api/mobile-auth-tokens when you sign in to your account. Included in the request are your plaintext username and plaintext passphrase. The request is sent over SSL, but this doesn’t gaurantee security and when dealing with such sensitive data, more security measures should be taken.

Arnott points out that Simple isn't doing anything here that many other banks aren't also guilty of, but that just makes the problem bigger, not more excusable. Read the full story on his site, linked below.

Source: Neglected Potential

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

Latest