News

Hackers could break into mobile-phone ATM applications

July 18, 2005

SecurityPark.net: Retail banks could be exposing their customer data to hackers by offering ATM services over downloadable mobile banking applications. Up to 20 High Street banks in the United Kingdom are gearing up to roll-out balance request and mobile phone top-ups using the service, dubbed MobileATM, by the end of the year. MobileATM is being offered to banks by cash machine operator LINK. It has been developed by MChex, a subsidiary of Morse, which developed the service's security software that requires the user to enter his PIN and a one-time password.

The service has incorporated several security functions such as a two-step authentication procedure, developed following security tests on similar mobile phone applications in the online gambling and gaming sector. But it may be possible for a hacker to sidestep those measures by hacking into the source code of the application itself, using it to access data held by the bank.