The flaw was discovered by security researchers at the University of Birmingham, who tested hundreds of banking applications and found that many of them shared a security flaw that left their users vulnerable to man-in-the-middle attacks.
Apps from major financial organizations, including NatWest, Bank of America Health and HSBC, all shared the same vulnerability.
The flaw allows an attacker on the same network as the victim to mount a man-in-the-middle attack and capture credentials such as the username and PIN.
The root cause was not certificate pinning itself but the way it was used: pinning hid the fact that the apps did not properly verify the server's host name. According to the researchers:
‘Certificate pinning is a good technique to improve the security of a connection, but in this case it made it difficult for penetration testers to identify the more serious issue of having no proper host name verification.’
Many apps from some of the biggest banks were found to contain this issue. Because the host name was never checked, any certificate that chained to the pinned authority was accepted regardless of which domain it was issued for, which let an attacker decrypt, view and modify the network traffic of the app's users.
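The following is an added example, not code from the article or from any of the banks' apps, showing why pinning alone does not stop the attack. It assumes a hand-written verifier that pins the SPKI hash of a CA (OkHttp/HPKP style pins), models certificates as dicts in the shape returned by Python's ssl.SSLSocket.getpeercert() plus a constructed 'spki' byte field, and treats the chain as already signature-validated against the pinned CA; the certificate data, domain names and key bytes are all constructed for the illustration.

```python
"""Added example: pinning without host name verification.

Assumptions (not from the article): the app pins the SPKI hash of a CA and a
hand-written verifier checks the chain. Certs are dicts shaped like
ssl.SSLSocket.getpeercert() output plus a constructed 'spki' field. The chain
is assumed to be signature-validated already; no real crypto is performed.
"""
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """HPKP/OkHttp style pin: 'sha256/' + base64(SHA-256(SubjectPublicKeyInfo))."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def _dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match of one dNSName pattern against a host name.

    A wildcard is only allowed as the entire leftmost label, must leave at
    least two more labels, and never matches more than one host label.
    """
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """The check the affected apps were missing: does the leaf cert name the host?

    dNSName SAN entries are authoritative; the subject CN is consulted only
    when the certificate carries no DNS SAN at all.
    """
    hostname = hostname.lower().rstrip(".")
    names = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return any(_dns_name_matches(name.lower(), hostname) for name in names)


def chain_is_pinned(chain: list, pins: set) -> bool:
    """Pin check: some certificate in the chain carries a pinned public key."""
    return any(spki_pin(cert["spki"]) in pins for cert in chain)


def verify_pin_only(chain: list, pins: set, hostname: str) -> bool:
    """Vulnerable pattern: pinning passes, host name is never compared."""
    return chain_is_pinned(chain, pins)


def verify_pinned_and_hostname(chain: list, pins: set, hostname: str) -> bool:
    """Hardened pattern: pinning AND host name verification on the leaf."""
    return chain_is_pinned(chain, pins) and hostname_matches(chain[0], hostname)


# Constructed sample data (not real certificates or keys).
CA_SPKI = b"constructed-ca-public-key"
PINS = {spki_pin(CA_SPKI)}
CA_CERT = {"subject": ((("commonName", "Example Root CA"),),), "spki": CA_SPKI}
BANK_LEAF = {
    "subject": ((("commonName", "app.bank.example"),),),
    "subjectAltName": (("DNS", "app.bank.example"), ("DNS", "*.api.bank.example")),
    "spki": b"constructed-bank-key",
}
# Issued by the same pinned CA, but for a domain the attacker controls.
ATTACKER_LEAF = {
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"),),
    "spki": b"constructed-attacker-key",
}
BANK_CHAIN = [BANK_LEAF, CA_CERT]
MITM_CHAIN = [ATTACKER_LEAF, CA_CERT]


def demo(hostname: str = "app.bank.example") -> dict:
    """Compare both verifiers against the genuine and the MitM chain."""
    return {
        "pin_only_accepts_bank": verify_pin_only(BANK_CHAIN, PINS, hostname),
        "pin_only_accepts_mitm": verify_pin_only(MITM_CHAIN, PINS, hostname),
        "hardened_accepts_bank": verify_pinned_and_hostname(BANK_CHAIN, PINS, hostname),
        "hardened_accepts_mitm": verify_pinned_and_hostname(MITM_CHAIN, PINS, hostname),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The pin-only verifier accepts the attacker's chain because the attacker's certificate was issued by the very CA the app pins; only the host name comparison on the leaf certificate rejects it. In a real client, the same check is what a correctly configured TLS stack (or Android's HostnameVerifier) performs, which is why replacing the platform verifier with a custom pin-only TrustManager silently removes it.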
The researchers worked with the affected banks and the UK National Cyber Security Centre to fix the flaw, and the affected apps have since been patched.