Security flaw in banking apps

The Press and Journal (Moray) - NEWS - BY NILIMA MARSHALL

Mobile banking customers are being advised to update their apps after experts discovered a security flaw that left millions vulnerable to hackers.

Researchers found that several apps, including those from HSBC, The Co-operative and NatWest banks, had a specific weakness that could be exploited by criminals to gain access to users’ details such as username, password and Pin code.

The vulnerability, believed to have put 10 million users around the world at risk, has been fixed but the experts say it is not clear whether the flaw was exploited by attackers.

They recommend using the most recent version of the banking apps and installing updates as soon as they are offered.

The team from the University of Birmingham detected the weakness using a tool they developed to test 400 apps considered to be high security.

Dr Tom Chothia, a senior lecturer in Cyber Security at the University of Birmingham, said: “In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed. It’s impossible to tell if these vulnerabilities were exploited.”

They found that a hacker connected to the same network as the app user, such as Wi-Fi or a corporate network, could perform what they call a “man-in-the-middle attack” to trick the software into revealing personal details.

The team also uncovered the risk of other potential threats including “in-app phishing attacks” against Santander UK and Allied Irish (GB).
