YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack
A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats.
The vulnerability, designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app and stems from insecure network configuration settings that allow unencrypted data transmission.
Summary
1. CVE-2025-45080 in YONO SBI app v1.23.36 allows unencrypted HTTP traffic due to insecure configuration settings.
2. Enables man-in-the-middle attacks where hackers can intercept and manipulate banking data during transmission.
3. Banking credentials, transactions, and personal data are vulnerable to theft, especially on public Wi-Fi networks.
4. Millions of SBI users at risk; experts advise avoiding the app on unsecured networks until patched.
SBI InTouch App Man-in-the-Middle Attacks
The vulnerability centers on the Android application's manifest configuration, specifically the presence of android:usesCleartextTraffic="true" in the app's AndroidManifest.xml file.
This setting explicitly allows the application to transmit data over unencrypted HTTP connections, contradicting modern security best practices for financial applications.
The affected app package com.sbi.lotusintouch essentially bypasses Android’s default security mechanisms that were implemented to protect user data.
Security researcher Ishwar Kumar, who discovered the vulnerability, demonstrated that the flaw can be exploited through a relatively straightforward process.
By decompiling the APK using tools like APKTool and examining the application manifest, researchers can confirm the presence of the insecure configuration.
Network analysis tools such as Burp Suite or Wireshark can then intercept and monitor the unencrypted traffic flowing between the app and its servers.
The technical implications are severe, as this configuration violates Android’s security guidelines for apps targeting API level 28 (Android 9) or higher, where cleartext traffic is disabled by default.
The vulnerability creates multiple attack vectors, including eavesdropping on sensitive communications, data tampering during transmission, and most critically, man-in-the-middle (MITM) attacks, where malicious actors can position themselves between users and legitimate banking servers.
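As an added illustration (not code from the advisory or from SBI), the following Python audit reads a decompiled AndroidManifest.xml and reports whether the app can send plain HTTP: it checks the explicit android:usesCleartextTraffic flag, falls back to the platform default (cleartext blocked from API 28 onward), and flags the case where a network security config is referenced, since that file overrides the flag and must be inspected separately. The sample manifests are constructed; only the package name comes from the article.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def make_manifest(target_sdk, app_attrs):
    """Constructed AndroidManifest.xml for exercising the audit; only the package
    name comes from the advisory, every other value is made up."""
    return (
        '<manifest xmlns:android="%s" package="com.sbi.lotusintouch">'
        '<uses-sdk android:minSdkVersion="23" android:targetSdkVersion="%d"/>'
        '<application android:label="YONO SBI" %s/></manifest>'
    ) % (ANDROID_NS, target_sdk, app_attrs)

def attr(elem, name):
    """Read an android:-namespaced attribute; None if element or attribute is absent."""
    return None if elem is None else elem.get("{%s}%s" % (ANDROID_NS, name))

def audit_manifest(manifest_xml):
    """Report whether a decompiled manifest lets the app send plain HTTP.
    cleartext_allowed is True/False when the manifest alone decides, or None when
    a network security config is referenced, since that file overrides the flag."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    target = int(attr(root.find("uses-sdk"), "targetSdkVersion") or 0)
    explicit = attr(app, "usesCleartextTraffic")
    nsc = attr(app, "networkSecurityConfig")
    findings = []
    if explicit is not None and explicit.lower() == "true":
        findings.append('android:usesCleartextTraffic="true" explicitly enables HTTP')
    if nsc is not None:
        allowed = None
        findings.append("%s takes precedence: check cleartextTrafficPermitted there" % nsc)
    elif explicit is not None:
        allowed = explicit.lower() == "true"
    else:
        # Android 9 (API 28) and later block cleartext by default; older targets allow it.
        allowed = target < 28
        if allowed:
            findings.append("targetSdkVersion %d < 28: cleartext allowed by default" % target)
    return {"package": root.get("package"), "target_sdk": target,
            "cleartext_allowed": allowed, "findings": findings}

# Constructed samples: the reported misconfiguration, a pre-API-28 legacy target,
# and a hardened manifest that delegates policy to a network security config.
VULNERABLE = make_manifest(33, 'android:usesCleartextTraffic="true"')
LEGACY = make_manifest(27, "")
HARDENED = make_manifest(33, 'android:usesCleartextTraffic="false" '
                             'android:networkSecurityConfig="@xml/network_security_config"')
```

Run the audit against the manifest produced by APKTool (or apkanalyzer) during a pre-release review; a None result means the referenced res/xml network security config decides and should be checked for cleartextTrafficPermitted="false".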
Risk Factors | Details
--- | ---
Affected Products | YONO SBI: Banking & Lifestyle; Version: 1.23.36; Package: com.sbi.lotusintouch; Platform: Android
Impact | Banking credentials exposure; Financial transaction data compromise; Personal information theft; Man-in-the-middle attack enablement
Exploit Prerequisites | Access to target device or network traffic; APK decompilation tools (APKTool); Network analysis tools (Burp Suite/Wireshark); Position on same network as victim; No authentication required
CVSS 3.1 Score | 8.8 (High)
Financial Data at High Risk
The cybersecurity community has classified this vulnerability as having a “High” impact rating, which is particularly concerning given the sensitive nature of banking applications.
Financial institutions typically handle highly sensitive data, including personal identification information, account numbers, transaction details, and authentication credentials.
When such data is transmitted over unencrypted channels, it becomes vulnerable to interception by cybercriminals operating on the same network infrastructure.
Man-in-the-middle attacks enabled by this vulnerability could allow attackers to capture login credentials, monitor financial transactions in real-time, and potentially manipulate transaction data before it reaches legitimate servers.
Users connecting to public Wi-Fi networks or compromised network infrastructure would be at particularly high risk, as attackers could easily position themselves to intercept cleartext communications.
As digital banking continues to expand globally, vulnerabilities like CVE-2025-45080 underscore the critical need for financial institutions to prioritize security configuration reviews and implement comprehensive security testing procedures throughout their application development lifecycle.
SBI customers are advised to closely monitor their accounts and refrain from using the application on unsecured networks until a security patch is released.