HSBC web security cracked

The bank’s anti-keylogging system is flawed, say researchers

Written by Phil Muncaster

IT Week, 10 Aug 2006

The safety of online banking is again in question, as researchers say the log-in systems used by HSBC and another major high street bank could be easily cracked by keylogging devices.

Cardiff University researchers said they discovered a flaw, which could allow hackers to break into accounts within nine attempts. Unlike many other banks, HSBC asks for a numeric-only passcode and does not regularly change the order of digits it requests, making it easier for hackers to obtain the number.

"They have an anti-keylogging system that doesn't work – they might as well not have it," said Cambridge University net security expert Richard Clayton. " The only reason it's a theoretical [flaw] is that they're fortunate no bad guys have [exposed it] yet."

Clayton said banks should ask for more authentication when users try to access certain facilities, such as to add new payees.

"The deep flaw is that they have the same authentication to do everything," Clayton said. "The problem is that they're all copying each other – none of the online security schemes are perfect but it would be wiser to do something different."

HSBC said in a statement that attacks of this kind are unlikely as they require "a particular and time-consuming focus on one individual", although it invited feedback from experts on its online banking service. "In this instance the supposed flaw uncovered is not one that we have seen criminals use [and] it is not likely to be a profitable way for criminals to behave."

  • Have your say
  • Send to a friend
  • Print this
  • Share

Tags:

reader comments

related articles

UK’s 17 million e-shoppers show security savvy

Online sales are increasing and so is awareness of security, according to a BCS survey 10 Aug 2006

 

Business holds key to ID card success

Director of the UK ID card programme says that banking sector leads calls for cards 23 Feb 2006

RSA announces two-factor strategy shift

Security firm to enter into partnerships to push its technology 15 Feb 2006

Banks mull customer liability for online fraud

Experts warn that banks may get tougher on consumers who do not do enough to protect themselves 12 Jul 2006

Security

Top 10 most notable Black Hat/Defcon stories

Security woes from Las Vegas 05 Aug 2009

Security

Consumer group slams online banking security

Financial institutions must do more to protect customers, says Which? report 27 Aug 2009

Security

USB stick security flaw puts data at risk

Security firm warns of imminent threat to sensitive information 30 Oct 2009

related whitepapers

today's top stories

Communications

Telepresence: coming to a screen near you?

Telepresence systems enable organisations to hold boardroom-style meetings with far-flung participants without the hassle and expense of arranging travel and accommodation. But while the technology is impressive, it does not come cheap, as Martin Courtney discovered when he sat in on a virtual meeting with executives from Philips 10 Mar 2010

Internet

Users give their verdict on Azure

Some of the first wave of UK adopters met in London recently to air their views on Microsoft’s cloud computing platform. Dave Bailey listened in 10 Mar 2010

Communications

Protests greet new Digital Economy Bill amendment

ISPs, digital rights groups and Liberal Democrat supporters cry foul 05 Mar 2010

Management

Publishing special - Publishers innovate to survive

1) IT could hold the key to the future of publishing 2) Case Study: The Guardian harnesses social and mobile apps 3) How publishers are reacting to the iPad 02 Mar 2010

Management

IT Leaders' Forum in association with IBM

A unique opportunity to hear from expert speakers and engage in a debate about the future of the CIO job function 29 Jan 2010

> More news

Advertisement

Subscribe

Keys to successful Serviceā€Oriented Architecture implementation

This white paper explores best practices and general design patterns for service oriented architecture (SOA).

The Roadmap to IT Maturity — Matching Strategy to Infrastructure for Business Success

This paper defines a roadmap for matching infrastructure strategy to business success.

Advertisement

Keep up to date with the latest products, services and technologies from the world's leading IT companies; ITHound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

Latest poll

NHS centralised data

NHS centralised data

Do you think the NHS can be trusted to safely look after personal data electronically?

View poll results

> More polls

Latest audio and video articles

Video

HP unveils S Series notebooks

'Prosumer' line overhauled 01 Mar 2010

Web Seminar Listings

Preparing for enterprise-scale Windows 7 migration

The web seminar on 18 Feb will discuss how Windows 7 migration can increase IT efficiency in large enterprises, freeing up budgetary and personnel resources to focus on business innovation. Our panel of experts will examine the strategies, tools and services IT leaders can use to migrate successfully and reap the rewards of increased efficiency. 19 Feb 2010

> More audio and video

Latest in-depth articles

Wayne GibbonsComment

Social networks are key to cracking China

Business social media can unlock the door to the world’s second-largest economy 10 Mar 2010

Neil SandersonComment

Choosing the virtualisation set-up that suits your firm

Decide on a system that best fits your business needs and plans – and don’t forget security, says Neil Sanderson 10 Mar 2010

> More in depth articles

Primary Navigation