Some of Britain’s biggest banks have mended a huge security flaw that could have left millions of customers open to attack after it was pointed out by University of Birmingham academics.
The vulnerability allowed an attacker to retrieve a customer's username, password and PIN code through a “man-in-the-middle attack”.
Ten banks, including HSBC, NatWest and Co-Op Bank, left customers open to attackers for “at least six to eight months”, although the researchers said it would be “impossible to tell” how many Britons, if any, had been affected.
Criminals could have exploited the hole to hijack banking customers, so long as they were using the same public Wi-Fi network to connect. Had the flaw been exploited, the attackers could potentially have siphoned funds from their victims’ accounts without their knowing.
“It’s impossible to tell if these vulnerabilities were exploited, but if they were, attackers could have got access to the banking app of anyone connected to a compromised network,” said Dr Chotia, who has co-authored a research paper on the findings.