Page 6 - Computeractive - January 2, 2018 UK

News
The top stories in the world of technology

Millions of bank customers were using unsafe apps





Customers of some of the UK’s leading banks, including NatWest, HSBC and RBS, have been using phone and tablet apps that hackers could have infiltrated to steal log-in details.

Researchers at Birmingham University’s School of Computer Science ran a tool to test the security of 400 Android and iOS apps, including many from banks that customers use to check their account and transfer money.

They found that several banking apps contained a critical flaw that would let an attacker connected to the same network perform a man-in-the-middle (MITM) attack, intercepting what’s being sent from the user to the bank. Around 10 million users are thought to have been at risk.

The flaw was identified in the use of certificate pinning, a technique that gives apps and websites a guarantee they are using a safe connection. Hackers can use fake certificates to impersonate genuine sites and apps.

The researchers told the banks affected, and worked with the Government’s National Cyber Security Centre to fix the vulnerabilities. In total, the apps of nine banks contained flaws (see box below). They have all been updated to eradicate the flaw except the Bank of America Health app, which hasn’t been available since June 2017.

A spokesperson for HSBC thanked the University of Birmingham “for the opportunity to work together”, adding “we have already taken steps to address this”.

Dr Tom Chothia, who led the research, said it was impossible to know whether hackers exploited the flaw. He added: “In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed”.

BANKS AFFECTED

• NatWest
• HSBC
• RBS
• Co-op
• Smile Bank
• Santander
• First Trust Bank
• Allied Irish Bank
• Bank of America Health

COMMENT

In some respects, this story is less about the vulnerability of banking apps, and more a testament to the strength of the detection tool developed by Birmingham University. It was a semi-automated device built specifically to find flaws buried deep inside apps. As we do more things online, we’ll increasingly rely on the ingenuity and rigour of such tests.


Banks ‘must do more’ to fight web fraud

Banks have been accused of not doing enough to help victims of online fraud, after a damning report from MPs revealed it’s the most prevalent crime in England and Wales.

The Public Accounts Committee (PAC) said victims lose an estimated £10bn a year. However, the true figure may be much larger, the report said, because only around 20 per cent of crimes are reported to the police. It said “the emotional impact” of the crime leaves many victims reluctant to come forward.

The PAC blamed the Home Office for being “too slow” to respond to the threat of online fraud, but also called for banks to take greater responsibility to tackle it, saying it’s “too vast” a task for Government alone.

Banks are “unwilling to share information about the extent of fraud with customers”, PAC said. It urged them to improve how they share information about scams, and to offer better protection to customers.

It also described police efforts to fight fraud as “inconsistent”, and said forces “must prioritise” the crime. Read the report at www.snipca.com/26499.


You’ll like this… BT Openreach has used a drone to deliver broadband to a Welsh village (www.snipca.com/26494)

…but not this An Android keyboard app leaked personal data of 31m users (www.snipca.com/26501)



6  20 December 2017 – 2 January 2018