Is Your Mobile Bank App Safe?
A detection tool developed by Birmingham University has revealed a big flaw in the apps of some of the UK's leading banks.
The affected banks listed below have been using phone and tablet apps that hackers could have easily infiltrated to steal login details.
• Smile Bank
• First Trust Bank
• Allied Irish Bank
• Bank of America Health
Researchers at Birmingham University’s School of Computer Science ran a tool to test the security of 400 Android and iOS apps, including many from banks that customers use to check their account and transfer money.
They found that several banking apps contained a critical flaw that would let an attacker connected to the same network perform a man-in-the-middle (MITM) attack, intercepting what is being sent from the user to the bank. Around 10 million users were identified as being at risk.
The flaw was identified in the use of certificate pinning, a technique that gives apps and websites a guarantee they are using a safe connection. Hackers can use fake certificates to impersonate genuine sites and apps.
The researchers told the affected banks and worked with the Government’s National Cyber Security Centre to fix the vulnerabilities. In total, the apps of nine banks contained the flaw. They have all been updated to eradicate the flaw except the Bank of America Health app, which hasn’t been available since June 2017.
A spokesperson for HSBC thanked the University of Birmingham for the opportunity to work together, adding: “We have already taken steps to address this.”
Dr. Tom Chothia, who led the research, said it was impossible to know whether hackers exploited the flaw. He added: “In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed”.