Researchers discover online banking security problem

Aug 10, 2006
Two researchers working within Cardiff University's School of Computer Science, Professor Antonia J Jones and Joseph R Rabaiotti, together with a third, independent researcher, Stuart P Goring, have today released details of a problem with HSBC's online banking system. The bank was informed of the issue prior to publication.

The researchers demonstrated (without in any way hacking, or even entering, the system) that the problem they observed, together with the illegal use of a keylogger (a device which records keystrokes and can later play them back), would in principle allow an attacker to gather all the necessary information required to enter any customer account.

HSBC and Cardiff University are now working together to address a number of issues raised by this research.

No illegal access took place during this research. It is generally assumed that to be in a position to prove that a gatekeeper system has a weakness one must have broken the law. However, the researchers were able to demonstrate that this is not so. They showed that by perfectly proper use of the system (a legal log-in which fails due to a typing error) and by intelligent observation, one can logically prove a weakness without even passing the gatekeeper or entering the system. While they were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified.

Professor Jones said: "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe.

"This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general."

Source: Cardiff University
