Metro Bank, the UK-based challenger bank has been victimized to a new type of cyber fraud that targets the codes sent via text messages used to verify transactions. The incident is also believed to be part of a wider attack on UK banks although no others have yet gone public. The bank made the admission on Monday but added that only a small number of customers had been affected and that none has been left out of pocket.
Report say that hackers were able to exploit a weakness in the additional layer of security offered by Metro and other banks that ask customers to type in a code sent by text message to confirm transactions as part of its 2-factor authentication (2FA) process.
According to tech website Motherboard, which first reported the breach, the weakness in the SSL protocol used by telecom companies has been known by cyber security bodies and telecom companies for a number of years.
Back in 2017 telecom operator O2 confirmed that hackers had exploited SSL weaknesses in messages used by German banks. By tracking the phones remotely and then intercepting the messages, fraudsters are able to gain access to customer accounts.
While admitting that text messages are not the most secure form of communication, a spokesperson for the National Cyber Security Centre in the UK told the Daily Telegraph newspaper that 2FA still offers a huge advantage over not using any 2FA at all.
Despite the endorsement of 2FA, it is still not as widely used acorss the banking sector as security advocates would like. In late January UK consumer magazine reported that seven out of UK's top 12 banks do not offer 2FA despite having the technology to do so.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
