Security vulnerability discovered in banking apps, leaving millions at risk


The flaw was discovered by security researchers from the University of Birmingham, who tested hundreds of banking applications and found that many of them were affected by a security flaw that left their clients vulnerable to man-in-the-middle attacks.

Apps from major financial organizations, including NatWest, Bank of America Health and HSBC, all shared the same vulnerability.

The flaw enables an attacker who is connected to the same network as the victim to perform a man-in-the-middle attack and obtain credentials such as a username and a PIN code.

The flaw involved one particular technology known as ‘certificate pinning’. According to the researchers:
‘Certificate Pinning is a good technique to improve the security of a connection, but in this case, it made it difficult for penetration testers to identify the more serious issue of having no proper host name verification.’

Many apps from some of the biggest banks were discovered to contain this issue, which enables an attacker to decrypt, view and modify network traffic from users of the app.
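An added illustration, not code from the article or the researchers: a Python model of the validation decision, comparing a check that only looks for a pinned key with one that also verifies the host name. The certificate records, names and keys are constructed, and pinning to an issuing CA's key is an assumption the article does not state.

```python
import hashlib

def spki_pin(public_key: bytes) -> str:
    """SHA-256 pin over a (constructed) public-key blob."""
    return hashlib.sha256(public_key).hexdigest()

def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS name; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.example".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def chain_is_pinned(chain, pins) -> bool:
    """True if any certificate in the chain carries a pinned key.
    Signature and expiry checks are assumed to have passed already."""
    return any(spki_pin(cert["public_key"]) in pins for cert in chain)

def verify_pin_only(chain, pins, hostname) -> bool:
    """Flawed check: the host name the app asked for is never consulted."""
    return chain_is_pinned(chain, pins)

def verify_pin_and_hostname(chain, pins, hostname) -> bool:
    """Hardened check: pinned key AND the leaf certificate names this host."""
    leaf = chain[0]
    named = any(hostname_matches(n, hostname) for n in leaf["dns_names"])
    return chain_is_pinned(chain, pins) and named

# Constructed sample data: two leaf certificates issued under the same CA key.
CA_KEY = b"constructed-ca-public-key"
PINS = {spki_pin(CA_KEY)}  # assumption: the app pins the issuing CA's key
CA_CERT = {"dns_names": [], "public_key": CA_KEY}
BANK_CHAIN = [{"dns_names": ["api.bank.example", "*.m.bank.example"],
               "public_key": b"constructed-bank-leaf-key"}, CA_CERT]
OTHER_CHAIN = [{"dns_names": ["www.other.example"],
                "public_key": b"constructed-other-leaf-key"}, CA_CERT]

if __name__ == "__main__":
    host = "api.bank.example"
    for label, chain in (("bank", BANK_CHAIN), ("other", OTHER_CHAIN)):
        print(label, "pin only:", verify_pin_only(chain, PINS, host),
              "| pin + host name:", verify_pin_and_hostname(chain, PINS, host))
```

A test that only presents a certificate from an unrelated CA is rejected by both checks, which is why the pin can hide the missing host name verification; a test suite should also present a certificate that satisfies the pin but names a different host.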

The researchers worked with all affected banks and the UK National Cyber Security Centre to patch the flaw. All the apps are secure now.


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
