A critical security bug was discovered in major banking apps used by HSBC, NatWest and Co-op which could let hackers steal usernames and passwords, new research has revealed. Researchers from the University of Birmingham said this week (6 December) that they had worked alongside the UK’s National Cyber Security Centre (NCSC) – a fork of intelligence agency GCHQ – to fix the vulnerabilities and ensure patches were pushed to users.
The team found the bugs after developing a tool called “Spinner”, which was able to perform “semi-automated security testing” of mobile apps. It was used to analyse the security of a sample of 400 services.
The vulnerability, if exploited, could have let hackers connected to the same network as the victim – such as a public Wi-Fi network in a workplace or coffee shop – perform a so-called Man in the Middle (MitM) attack and retrieve usernames, passwords or PIN codes. Mark James, Security Specialist at ESET, commented below.
Mark James, Security Specialist at ESET:
“Always try and keep an eye on your financial statements for any irregularities – spotting these early may well be the difference between a financial inconvenience or a disaster.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.