As digitisation picks up steam with Indians expected to transact Rs 4 crore digitally every day this year, privacy of their data has become a paramount concern. The government is caught between encouraging digitisation and ensuring secure platforms. This is where startups like Appknox come in.
Specialising in mobile app security, Appknox recently identified 291 critical vulnerabilities (181 were accorded the status of high critical vulnerabilities) in Unified Payments Interface (UPI) based mobile applications developed by banks and other fintech companies. These vulnerabilities had the potential to expose a user’s entire bank details to any hacker.
“There were issues where we could bypass the entire security gamut and get access to user’s bank account details and even download those details easily. We found hackers can easily manipulate these loopholes to misuse the data,” says Appknox cofounder and CEO, Harshit Agarwal.
The team found 181 high, 83 medium and 27 low critical vulnerabilities in the 35 plus apps it evaluated. The National Payments Corporation of India (NPCI) then advised the banks to quickly work on the suggestions provided by Appknox in order to negate these threats.
Among other threats, the team was particularly concerned about basic security steps which the hackers at Appknox were easily able to contravene. The team easily bypassed the login password step in a number of UPI-based apps, which could lead any hacker directly into a user’s account and give access to that user’s information.
Given that these apps were developed by banks, which are considered the safest financial platforms, the team was surprised at the ease with which it was able to hack into the apps.
While banks are still the most secure way of transferring money digitally when it comes to platforms like NEFT, mobile apps, shares Agarwal, are a different ball game altogether.
“Mobiles can be hacked in very different ways and the internal team at these banking institutions is not that great with mobile apps. The whole security landscape is very different when it comes to mobiles,” says Agarwal.
Several mobile apps have sprung up in the last couple of years, providing users with ease of transacting online. However, to prevent this ease from metamorphosing into a security disaster, the government is working keenly on regulations.
NPCI, shares Agarwal, was quick to get banks to plug the loopholes found by the team at Appknox.
The threat, however, is persistent and transformative, and both the government and the fintech institutions would need all the help they can find to keep hackers from digging into sensitive user information and, thereby, to drive the digitisation push further.
“It’s a never-ending race where hackers look for more loopholes and banking companies innovate to keep ahead. The problem is that banks and other fintech institutions rely on a single vendor for all their security concerns. What they do not realise is that there could be many brains working to break the system and relying on a single brain for security is really dangerous,” says Agarwal.
Appknox specialises in providing security to mobile apps and currently services 100 plus companies in the fintech sector.