10 Aug 2006
A group of researchers at Cardiff University claim to have discovered a defect in HSBC's online banking system which could leave over three million customers vulnerable to attacks.
Customers using the internet service may have been vulnerable to attack for at least two years. The researchers found that anyone exploiting the flaw could succeed in cracking an account within nine attempts.
The Cardiff researchers are planning to publish full details in security journals this year, but decided to go public now.
'There are serious issues here,' said Professor Antonia Jones, the scientist leading the research team.
'Banks are in the business of safeguarding your money, and if they tell you that it's safe then you assume that's the case. But as long as this flaw exists, customers are at risk.'
The scam requires installing keylogging devices on PC's which record keystrokes. These can be in the form of physical devices, as in the attempted £220m Sumitomo Mitsui hack, or viruses which sit on the hard drive.
A spokesman for HSBC said: 'The supposed flaw uncovered is not one we have seen criminals use. It is an extremely sophisticated attack that would require a particular and time-consuming focus on one individual victim. It is therefore not likely to be a profitable way for criminals to behave.
'Online fraud via HSBC's internet banking system is substantially lower than the market average and we are satisfied our customers are adequately protected.'
HSBC has issued devices for two-factor authentication – a more secure form of online authentication - to online business customers, but does not yet plan to do so with individual consumers.
What do you think? Email us at feedback@computing.co.uk
Further Reading:
Barclays to tighten web security
HSBC to issue security tokens to online business customers
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
The network will equip staff with up-to-date information on passenger flow and network issues to keep traffic moving during the games
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
