Security flaw in banking apps
Mobile banking customers are being advised to update their apps after experts discovered a security flaw that left millions vulnerable to hackers.
Researchers found that several apps, including those from HSBC, The Co-operative and NatWest banks, had a specific weakness that could be exploited by criminals to gain access to users’ details such as username, password and Pin code.
The vulnerability, believed to have put 10 million users around the world at risk, has been fixed but the experts say it is not clear whether the flaw was exploited by attackers.
They recommend using the most recent version of the banking apps and installing updates as soon as they are offered.
The team from the University of Birmingham detected the weakness using a tool they developed to test 400 apps considered to be high security.
Dr Tom Chothia, a senior lecturer in Cyber Security at the University of Birmingham, said: “In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed. It’s impossible to tell if these vulnerabilities were exploited.”
They found that a hacker connected to the same network as the app user, such as Wi-Fi or a corporate network, could perform what they call a “man-in-the-middle attack” to trick the software into revealing personal details.
The team also uncovered the risk of other potential threats including “in-app phishing attacks” against Santander UK and Allied Irish (GB).