According to information from Süddeutsche Zeitung, the online banking apps of numerous financial institutions are insufficiently protected against hacker attacks. Scientists at the University of Erlangen-Nuremberg have succeeded in circumventing the security precautions of 31 financial apps and manipulating them to allow possible access, the newspaper reports. The affected banks in Germany include, among others, Commerzbank, the city savings banks, Comdirect and Fidor Bank.
The possible attacks range from unauthorized execution and copying of the app to changing the IBAN and sending the transaction number (TAN) to any device. A TAN is required in online banking to confirm the legitimacy of a bank transfer by the account holder. Hackers could use the security vulnerabilities to redirect money from bank customers to their own accounts unnoticed. The precondition for the attack is that the banking app and the application for generating transaction numbers are used on the same smartphone.
The background to the common weak point is that many banks use the same service provider, the IT security company Promon. The company's chief technology officer confirmed the researchers' results, but said that no criminal has been able to circumvent the security solutions. Promon has around 100 customers and protects a total of 100 million users worldwide. The company is already in contact with the University of Erlangen-Nuremberg and is working to close the security loopholes.
At the request of the newspaper, all banks concerned indicated that they wanted to examine the results. Comdirect said that “in practice a mass-suitable attack was much more difficult”. A spokesman for Sparkasse said that the implemented procedure was still suitable, taking into account risk and customer benefits.