Researchers uncover banking app security flaw

A study undertaken by the University of Birmingham has discovered security flaws in the mobile banking apps of nine banks, including HSBC, NatWest and Co-op Bank, which could enable hackers to expose customers' personal information.

Researchers found that a hacker connected to the same network as an app user – such as a public Wi-Fi hotspot or a corporate network – could perform a ‘man-in-the-middle’ attack, intercepting the app's encrypted connection so that they could decrypt, view and modify the network traffic passing between the app and the bank.
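A man-in-the-middle on a shared network can only read or alter an app's encrypted traffic if the app accepts the attacker's certificate. The article does not say which checks the affected apps got wrong, so the following is an added, generic example rather than the researchers' tool or any bank's code: it audits a Python `ssl.SSLContext` for the settings that decide whether a TLS client will reject an impostor (chain verification, hostname verification, minimum protocol version), and places the weak configuration often seen in apps that silence certificate errors beside the hardened one. The function names are hypothetical.

```python
import ssl
from typing import List


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings for a client-side TLS context.

    An empty list means the context requires and verifies the server's
    certificate chain, checks the hostname against that certificate, and
    refuses protocol versions older than TLS 1.2. Any of these being absent
    is what lets an attacker on the same network terminate the connection
    with their own certificate. (Hypothetical helper written for this article.)
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required/verified (verify_mode)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate (check_hostname)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed (minimum_version)")
    return findings


def weak_context() -> ssl.SSLContext:
    """The 'make the certificate error go away' configuration.

    Any certificate, including one minted by an attacker on the local
    network, is accepted, so the connection can be silently proxied.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the chain against the system trust store, check the hostname,
    and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        problems = audit_tls_context(ctx)
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

The audit only inspects configuration; it does not catch an app that verifies correctly but also ships a custom trust-all callback elsewhere, so it is a first check rather than a substitute for proxying the app through an interception tool on a test network.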

Tom Chothia, a senior lecturer in cyber security at the University of Birmingham, said: “In general, the security of the apps we examined was very good; the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed.

“It is impossible to tell if these vulnerabilities were exploited, but if they were, attackers could have got access to the banking app of anyone connected to a compromised network.”

The nine affected apps were: Bank of America Health, TunnelBear VPN, Meezan Bank and Smile Bank for Android, and HSBC, HSBC Business, HSBC Identity, HSBCnet and HSBC Private for iOS. The university notified all of the companies and worked with them and the government's National Cyber Security Centre to fix all of the vulnerabilities.

The research also uncovered the risk of other potential threats, including ‘in-app phishing attacks’ affecting Santander UK and Allied Irish Banks. In this scam, criminals would take control of part of the user's screen inside the app and use it to phish for login credentials.
