London: If you have an account with HSBC, then beware, for Cardiff University researchers claim to have found a major flaw in the bank’s online banking system.
Professor Antonia J Jones and Joseph R Rabaiotti, from the University’s School of Computer Science, together with another researcher, Stuart P Goring, have demonstrated how, without hacking or even breaking into the system, it is possible for any attacker to gather all the relevant information required for entering any customer account.
They said that by illegally using only a keylogger (a device which records keystrokes and can later play them back), it is possible for any person to gather the relevant information required for accessing an HSBC customer account.
"What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were in principle open to the access procedure we describe. This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general," said Professor Jones.
"While we were able to do this because of a rather trivial problem, an interesting point of principle has been established and a significant loophole identified," he added.
Professor Jones said they had informed the bank of the problem prior to the publication of their report.
As of now, the bank and Cardiff University are working together to address this issue along with a number of others raised by this research.