18:05 GMT 04 July 2020

    University researchers have discovered that several UK banking apps were wide open to hacking attacks. The apps, used by HSBC, Natwest, Santander, Co-op, Allied Irish and several others, have since been fixed.

    Scientists from the University of Birmingham found that cyber criminals on the same network as a banking app user could attack that user and trick the software into revealing customers' personal details.

    "It's impossible to tell if these vulnerabilities were exploited, but if they were, attackers could have got access to the banking app of anyone connected to a compromised network," said Dr. Tom Chothia, the lead researcher.

    Dr. Chothia's team found cyber criminals could have used Wi-Fi to perform a "Janus attack", sometimes known as a "man-in-the-middle attack", to find the customer's username, password and PIN code.

    The flaw was hidden by the apps' use of "certificate pinning", a technique that can mask vulnerabilities from routine checks.

    "Certificate pinning is a good technique to improve the security of a connection, but in this case, it made it difficult for penetration testers to identify the more serious issue of having no proper hostname verification," said Dr. Flavio Garcia, co-author of the report.
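The gap Dr. Garcia describes, as an added example that is not code from the report or from any of the apps: a validator that checks only the pin accepts any certificate under the pinned key, while the hardened one also requires the leaf certificate to name the intended host. Certificates are modelled as plain dicts, chain signatures are assumed already verified, and the pin is assumed to be on the issuing CA; all names and keys are constructed.

```python
import hashlib

def spki_pin(public_key_der: bytes) -> str:
    """SHA-256 pin over a key's SubjectPublicKeyInfo bytes."""
    return hashlib.sha256(public_key_der).hexdigest()

def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def chain_is_pinned(chain, pins) -> bool:
    """True if any certificate in the (already signature-verified) chain has a pinned key."""
    return any(spki_pin(c["spki"]) in pins for c in chain)

def validate_pin_only(chain, pins, host) -> bool:
    # Flawed pattern: the pin is checked, the hostname argument is never used.
    return chain_is_pinned(chain, pins)

def validate_pin_and_hostname(chain, pins, host) -> bool:
    # Hardened: the leaf must also name the host the app meant to reach.
    leaf = chain[0]
    return chain_is_pinned(chain, pins) and any(
        dns_name_matches(n, host) for n in leaf["dns_names"])

# Constructed sample data: one CA key and two leaves issued under it.
CA = {"spki": b"constructed-ca-key", "dns_names": []}
BANK_LEAF = {"spki": b"constructed-bank-key",
             "dns_names": ["api.bank.example", "*.m.bank.example"]}
OTHER_LEAF = {"spki": b"constructed-other-key",
              "dns_names": ["www.unrelated.example"]}
PINS = {spki_pin(CA["spki"])}  # assumption: the app pins the issuing CA, not the leaf
HOST = "api.bank.example"

def demo():
    return {
        "pin_only_bank": validate_pin_only([BANK_LEAF, CA], PINS, HOST),
        "pin_only_other": validate_pin_only([OTHER_LEAF, CA], PINS, HOST),
        "full_bank": validate_pin_and_hostname([BANK_LEAF, CA], PINS, HOST),
        "full_other": validate_pin_and_hostname([OTHER_LEAF, CA], PINS, HOST),
    }

if __name__ == "__main__":
    print(demo())
```

A test harness that only presents certificates from outside the pinned key sees both validators reject them, which is how pinning can hide the missing hostname check from routine testing.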

    'In-App Phishing Attacks'

    The team also found apps were prone to "in-app phishing attacks."

    "The security and safety of our customers' accounts is of the utmost importance to us. We thank the University of Birmingham for the opportunity to work together, and we have already taken steps to address this. Our mobile banking app uses the highest level of encryption and security to protect our customers and their financial details, and we constantly review and improve our security measures to ensure we keep our customers' money and personal details as safe as possible," an HSBC spokesperson has reportedly commented. 

