Researchers discover online banking security problem

Aug 10, 2006

Two researchers working within Cardiff University's School of Computer Science, Professor Antonia J Jones and Joseph R Rabaiotti, together with a third independent researcher Stuart P Goring, have today released details of a problem with HSBC's online banking system. The bank was informed of the issue prior to publication.

The researchers demonstrated (without in any way hacking, or even entering, the system) that the problem they observed, together with the illegal use of a keylogger (a device which records keystrokes and can later play them back), would in principle allow an attacker to gather all the necessary information required to enter any customer account.

HSBC and Cardiff University are now working together to address a number of issues raised by this research.

No illegal access took place during this research. It is generally assumed that to be in a position to prove that a gatekeeper system has a weakness, one must have broken the law. However, the researchers were able to demonstrate that this is not the case. They showed that by perfectly proper use of the system (a legal log-in which fails due to a typing error) and by intelligent observation, one can logically prove a weakness without even passing the gatekeeper or entering the system. While they were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified.

Professor Jones said: "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe.

"This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general."

Source: Cardiff University
