Researchers discover online banking security problem

Aug 10, 2006
Two researchers working within Cardiff University's School of Computer Science, Professor Antonia J Jones and Joseph R Rabaiotti, together with a third independent researcher Stuart P Goring, have today released details of a problem with HSBC's online banking system. The bank was informed of the issue prior to publication.

The researchers demonstrated (without in any way hacking, or even entering, the system) that the problem they observed, together with the illegal use of a keylogger (a device which records keystrokes and can later play them back), would in principle allow an attacker to gather all the necessary information required to enter any customer account.

HSBC and Cardiff University are now working together to address a number of issues raised by this research.

No illegal access took place during this research. It is generally assumed that, to be in a position to prove that a gatekeeper system has a weakness, one must have broken the law. However, the researchers were able to demonstrate that this is not so: they showed that by perfectly proper use of the system (a legal log-in which fails due to a typing error) and by intelligent observation, one can logically prove a weakness without even passing the gatekeeper or entering the system. While they were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified.

Professor Jones said: "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe.

"This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general."

Source: Cardiff University
