The flaw was discovered by security researchers from the University of Birmingham, who tested hundreds of banking applications and found that many of them were affected, leaving their clients vulnerable to man-in-the-middle attacks.
Apps from major financial organizations, including NatWest, Bank of America Health and HSBC, all shared the same vulnerability.
The flaw enables an attacker who is connected to the same network as the victim to perform a man-in-the-middle attack and obtain credentials such as a username and a PIN code.
The flaw was related to one particular technology known as ‘certificate pinning’. According to the researchers:
‘Certificate Pinning is a good technique to improve the security of a connection, but in this case, it made it difficult for penetration testers to identify the more serious issue of having no proper host name verification.’
Many apps from some of the biggest banks were discovered to contain this issue, which enables an attacker to decrypt, view and modify network traffic from users of the app.
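The validation gap the researchers describe can be shown with a small model. This is an added example, not code from the researchers or from any affected app; it assumes the app pins its issuing CA's key, takes chain signature validation as done elsewhere, and uses constructed certificates and hostnames throughout.

```python
import hashlib

# Constructed sample data: stand-ins for DER-encoded public keys.
CA_SPKI = b"constructed-issuing-ca-public-key"
PINNED = {hashlib.sha256(CA_SPKI).hexdigest()}  # assumption: the app pins its issuing CA

def chain(leaf_names):
    """Build a constructed chain: leaf (with SAN dNSNames) followed by the CA."""
    return [{"spki": b"leaf-key-" + leaf_names[0].encode(), "san": leaf_names},
            {"spki": CA_SPKI, "san": []}]

def pin_matches(cert_chain):
    """True if any certificate in the chain carries a pinned key."""
    return any(hashlib.sha256(c["spki"]).hexdigest() in PINNED for c in cert_chain)

def hostname_matches(pattern, host):
    """Simplified RFC 6125 match: wildcard allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as "*.example".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def validate_pin_only(cert_chain, host):
    """Flawed pattern: the pin is checked, the leaf's names never are."""
    return pin_matches(cert_chain)

def validate_pin_and_host(cert_chain, host):
    """Corrected pattern: pin check plus hostname check against the leaf's SANs."""
    leaf = cert_chain[0]
    return pin_matches(cert_chain) and any(hostname_matches(n, host) for n in leaf["san"])

BANK = "api.bank.example"                      # constructed hostname
genuine = chain(["api.bank.example"])
other_site = chain(["www.unrelated.example"])  # same CA, different hostname
wildcard = chain(["*.bank.example"])

if __name__ == "__main__":
    for name, c in [("genuine", genuine), ("other_site", other_site), ("wildcard", wildcard)]:
        print(name, validate_pin_only(c, BANK), validate_pin_and_host(c, BANK))
```

A test suite for a pinned client should include the `other_site` case: a chain that satisfies the pin but names a different host must be rejected.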
The researchers worked with all affected banks and the UK National Cyber Security Centre to patch the flaw. All the apps are secure now.