
As finance apps continue to disrupt and reimagine the financial sector, users must be vigilant to avoid falling into traps set by malicious screen readers.

According to a report by Promon, a company offering app shielding software, and shared by BusinessofApps, screen readers are now the biggest vulnerability in finance apps.

How Do Screen Readers Work?

Screen readers are an assistive technology that lets blind or visually impaired people use devices with screens. They turn text and images into speech or braille.

The technology works by getting information from the operating system and applications and presenting it to the user. Screen readers can also help users with other disabilities or needs.

Different types of screen readers are designed to serve specific devices and applications.

While screen readers are designed for legitimate purposes, their need to access extremely sensitive information poses a significant risk, especially with cyberattacks on the rise globally.

Targeted attacks on screen readers can tap certain user information, including usernames and passwords, to the extent of circumventing two-stage authentication to initiate unauthorized transactions.

According to Promon, “a standard attack vector for malware targeted at financial apps is to exploit Android’s Accessibility Services.”

“This allows malicious actors to use screen readers to access the affected device’s screen and contents, meaning they can perform tasks like stealing sensitive information and controlling the device,” the report explained.

92.4% of Financial Apps Vulnerable to Malicious Screen Readers

Promon’s Security Research Team conducted comprehensive testing on 100 of the most prominent Android banking and financial services applications. The aim was to simulate “real-world screen reader attacks” using an in-house screen reader with the ability to exfiltrate data within the finance apps.

The results were extremely worrying: the screen reader exfiltrated data from 85 out of 92 apps, a whopping 92.4%. A mere 7.6% of the apps, only seven in total, exhibited effective defensive measures against the screen reader’s efforts to access the data.


Android-based applications are particularly vulnerable to screen reader attacks due to the many security gaps that can easily be exploited to gain illegal access to sensitive data.

According to BusinessofApps, such targeted attacks expose private conversations, personal credentials, and related data like PINs as well as financial records, including account balances.

Once a user’s device has been attacked and illegal access gained, the malicious screen reader is left to operate in the background.

If unchecked, the exploitation of the Android system’s vulnerabilities allows malicious actors to carry out unauthorized tasks, such as executing transactions, without the user’s awareness.

Promon noted that malware granted additional permissions can make it easier for data to be illegally exploited through a variety of channels, allowing for deeper analysis, the extraction of personal information, and illicit use for monetary gain or illegal activity.

How to Protect Yourself

Promon recommends App Shielding as a technology to help Android system users to protect their finance apps. However, the company said that security against such malicious actors must start with the developers of these sensitive financial applications.

Developers should consider adding code to the app that scans for all active screen readers and raises an alarm in the event of a threat to user data. Several actions may follow the warning depending on the level of the threat, including closing the application.

Unfortunately, creators of malicious screen readers have devised ways to bypass security warnings.

Another viable solution is for developers to carry out app verification by tapping the various accessibility features. This method ensures that apps operating legitimately on the Android OS are not closed down.

Android’s Accessibility Services will have more security features with the soon-to-be-released Android 14.

Developers on Android 14 will have more features at their disposal to ensure accessibility services are not abused. In a nutshell, these new features will block all non-accessibility tools from interacting with applications.
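The in-app check and the Android 14 restriction described above can be sketched as follows. This is an added example, not code from Promon or from the report. The allowlist contents and both function names are assumptions made for illustration; the Android APIs used are `AccessibilityManager.getEnabledAccessibilityServiceList` and, on API 34 and later, `View.setAccessibilityDataSensitive`.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.os.Build
import android.view.View
import android.view.accessibility.AccessibilityManager

// Assumption: packages this app has decided to trust. TalkBack is shown as
// an example entry; a real app maintains and reviews its own list.
private val TRUSTED_A11Y_PACKAGES = setOf(
    "com.google.android.marvin.talkback"
)

/**
 * Returns the component IDs of every enabled accessibility service whose
 * package is not on the allowlist. An empty list means nothing unexpected
 * is able to read this app's screens through Accessibility Services.
 */
fun findUntrustedAccessibilityServices(context: Context): List<String> {
    val manager =
        context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    return manager
        .getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .filter { info ->
            val pkg = info.resolveInfo?.serviceInfo?.packageName
            // Unknown or unresolvable packages are treated as untrusted.
            pkg == null || pkg !in TRUSTED_A11Y_PACKAGES
        }
        .map { it.id }
}

/**
 * Android 14 (API 34) and later: mark a view (for example a PIN field or a
 * balance label) so that only services declared as accessibility tools can
 * read or interact with it. On older releases this call is skipped and the
 * allowlist check above is the only defence.
 */
fun protectSensitiveView(view: View) {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
        view.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
    }
}
```

Run the allowlist check each time a sensitive screen is shown rather than once at launch, since a service can be enabled while the app is in the background. How the app responds to a non-empty result (warning, masking fields, closing) is the policy decision the article describes.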

The Rise and Rise of Finance Apps

Financial applications are software used by banking and payment services providers to automate and store customer data and entity information. They hasten the process of executing transactions, retrieving data, recording transactions, and other procedures.

The global personal finance app market, worth $0.94 billion in 2019, is expected to grow to be worth $1.6 billion by 2030, owing to an increase in smartphone and tablet penetration as well as increased demand for mobile banking and financial services.

Finance app market revenues worldwide 2019-2030 – Source Statista

Consumer knowledge of personal money management is accelerating market growth. In terms of market segmentation by type, Android, iOS, and other platforms exist, with Android accounting for more than 60% of the market, according to DataIntelo.

This dominance can be attributed to reasons such as the cost, ubiquitous availability, and flexible customization options inherent in Android-based devices.
