Wednesday, 18 May 2016

Hacker finds flaws that could let anyone steal $25 Billion from a Bank


Stealing Money from Anyone Else's Account


If this wasn't enough, Prakash discovered that the app did not check whether the given customer ID or Transaction Authorisation PIN (MTPIN), which is used for critical controls like transferring funds or creating a new fixed deposit, actually belonged to the sender's account.

This blunder in the mobile banking app could have allowed anyone with the app and an account in the bank to transfer money from someone else's account, Motherboard reported.

    "I tested [the hack] with a bunch of accounts belonging to my family. Few of those accounts don't even have net banking or mobile banking activated," Prakash added. "And it all worked like a charm."

However, instead of taking advantage of these bugs, Prakash responsibly emailed the bank on November 13, 2015. Within a few days, the bank's deputy general manager informed him that the security flaws had been fixed, but he was not rewarded with a bug bounty, which is unfair.
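The missing ownership check described above, shown next to a corrected version. This is an added example, not the bank's code: it is a simplified server-side model, and the names `transfer_flawed`, `transfer_checked`, the request fields and the sample customers are assumptions made up for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


class AuthorizationError(Exception):
    pass


def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class Customer:
    salt: bytes
    mtpin_hash: bytes
    balance: int


def sample_db() -> dict:
    # Constructed sample data: customer IDs, MTPINs and balances are made up.
    db = {}
    for cid, pin in (("CUST-A", "4821"), ("CUST-B", "9930")):
        salt = os.urandom(16)
        db[cid] = Customer(salt, pin_hash(pin, salt), 1000)
    return db


def transfer_flawed(db, session_cid, req):
    # Simplified model of the flaw: the debit uses the customer ID named in
    # the request; neither it nor the MTPIN is tied to the logged-in session.
    db[req["customer_id"]].balance -= req["amount"]
    db[req["to"]].balance += req["amount"]


def transfer_checked(db, session_cid, req):
    # 1. The customer ID in the request must be the authenticated session's.
    if req["customer_id"] != session_cid:
        raise AuthorizationError("customer ID does not belong to this session")
    src = db[session_cid]
    # 2. The MTPIN is verified against that same customer's stored hash.
    if not hmac.compare_digest(pin_hash(req["mtpin"], src.salt), src.mtpin_hash):
        raise AuthorizationError("MTPIN is not valid for this account")
    if not 0 < req["amount"] <= src.balance:
        raise ValueError("invalid amount")
    src.balance -= req["amount"]
    db[req["to"]].balance += req["amount"]
```

The corrected handler takes the account to debit from the authenticated session, so a customer ID or MTPIN supplied in the request can only ever confirm the sender's own identity.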
