Researchers discover online banking security problem

Aug 10, 2006
A row of Apple computers at a cybercafe

Two researchers working within Cardiff University's School of Computer Science, Professor Antonia J Jones and Joseph R Rabaiotti, together with a third independent researcher Stuart P Goring, have today released details of a problem with HSBC's online banking system. The bank was informed of the issue prior to publication.

The researchers demonstrated (without in any way hacking, or even entering, the system) that the problem they observed, together with the illegal use of a keylogger (a device which records keystrokes and can later play them back), would in principle allow an attacker to gather all the necessary information required to enter any customer account.

HSBC and Cardiff University are now working together to address a number of issues raised by this research.

No illegal access took place during this research. It is generally assumed that to be in a position to prove that a gatekeeper system has a weakness one must have broken the law. However, the researchers were able to demonstrate that this is not the case. In this case they showed that by perfectly proper use of the system (a legal log-in which fails due to a typing error) and by intelligent observation one can logically prove a weakness without even passing the gatekeeper or entering the system. While they were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified.

Professor Jones said: "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe.

"This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general."

Source: Cardiff University

Explore further: Software provides a clear overview in long documents

add to favorites email to friend print save as pdf

Related Stories

Startup offers elderly an Internet key to family links

Jul 27, 2014

Two grandmothers mystified by computer tablets have inspired a French-Romanian startup to develop an application and service to help the elderly stay in touch with their relatives through the Internet.

How honey bees stay cool

Jul 23, 2014

Honey bees, especially the young, are highly sensitive to temperature and to protect developing bees, adults work together to maintain temperatures within a narrow range. Recently published research led by ...

Recommended for you

Google searches hold key to future market crashes

8 hours ago

A team of researchers from Warwick Business School and Boston University have developed a method to automatically identify topics that people search for on Google before subsequent stock market falls.

Lenovo's smart glasses prototype has battery at neck

10 hours ago

China's PC giant Lenovo last week offered a peek at its Google Glass-competing smart glass prototype, further details of which are to be announced in October. Lenovo's glasses prototype is not an extreme ...

Amazon launches 3D printing store

13 hours ago

Amazon announced Monday the launch of an online store for 3D printed items to allow consumers to customize and personalize items like earrings, pendants, dolls and other objects.

User comments : 0