A recent survey shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security, and that assumption extends to their websites.
Sadly, however, even in my own personal experience, the truth is far from that. Many, many banks have flaws that can leak information and allow for fairly easy theft of data and credentials.
Online bankers, beware. More than 75 percent of bank Web sites surveyed by a research team had at least one design flaw that could make customers vulnerable to cyber thieves.
University of Michigan computer scientist Atul Prakash and his graduate students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006 and found design flaws that, unlike bugs, cannot be fixed with a patch.
The security holes stem from the flow and the layout of these Web sites, according to their study. The flaws include placing log-in boxes and contact information on insecure Web pages as well as failing to keep users on the site they initially visited. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.
A shocking 75% with flaws! This study is 2 years old but still the results are quite scary and I seriously doubt the architecture of these banks' technology platforms has changed that much.
And with 40% of Americans using online banking systems…that’s a lot of people at risk! I’d guess the figures are probably similar for countries with similar broadband penetration and perhaps even higher in some places like Korea and Singapore.
About 40 percent of Americans use the Internet for banking, according to a February 2008 survey conducted by Pew Internet. In 2011, 76 percent of online households will bank online, according to Forrester Research.
The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The FDIC says computer intrusion, while relatively rare compared with financial crimes like mortgage fraud and check fraud, is a growing problem for banks and their customers.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to nearly $16 million in losses in the second quarter of 2007. There were two and a half times more computer intrusions in the second quarter of 2007 compared to the first quarter. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.
536 is not too bad for the number of cases, but still that’s only for a certain segment of people.
There is a list of the main flaws, which are mostly what we would expect to see, in the full article.
Source: Livescience (Thanks Navin)