Researchers discover online banking security problem

August 10, 2006
A row of Apple computers at a cybercafe

Two researchers working within Cardiff University's School of Computer Science, Professor Antonia J Jones and Joseph R Rabaiotti, together with a third independent researcher Stuart P Goring, have today released details of a problem with HSBC's online banking system. The bank was informed of the issue prior to publication.

The researchers demonstrated (without in any way hacking, or even entering, the system) that the problem they observed, together with the illegal use of a keylogger (a device which records keystrokes and can later play them back), would in principle allow an attacker to gather all the necessary information required to enter any customer account.

HSBC and Cardiff University are now working together to address a number of issues raised by this research.

No illegal access took place during this research. It is generally assumed that to be in a position to prove that a gatekeeper system has a weakness one must have broken the law. However, the researchers were able to demonstrate that this is not the case. In this case they showed that by perfectly proper use of the system (a legal log-in which fails due to a typing error) and by intelligent observation one can logically prove a weakness without even passing the gatekeeper or entering the system. While they were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified.

Professor Jones said: "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe.

"This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general."

Source: Cardiff University

Explore further: Origin of Saturn's F ring and its shepherd satellites revealed

Related Stories

Chemists solve major piece of cellular mystery

August 27, 2015

Not just anything is allowed to enter the nucleus, the heart of eukaryotic cells where, among other things, genetic information is stored. A double membrane, called the nuclear envelope, serves as a wall, protecting the contents ...

Pancake-making PR2 spells teachable future in robotics

August 27, 2015

The RoboHow project has told the world what it's been up to in research at the High-Tech Systems 2015 fair and conference in the Netherlands. RoboHow is a four-year European research project that started in February 2012. ...

Drought tips available for farmers

August 26, 2015

Drought strategies for managing alfalfa and many other crops are available free from UC Agriculture and Natural Resources. As California endures a fourth year of drought and ever-tightening water supplies, water-management ...

Recommended for you

Interactive tool lifts veil on the cost of nuclear energy

August 24, 2015

Despite the ever-changing landscape of energy economics, subject to the influence of new technologies and geopolitics, a new tool promises to root discussions about the cost of nuclear energy in hard evidence rather than ...

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.