The internet-only banking platform N26 was found to have a few security issues that made its mobile application vulnerable to hijacking attempts. The security issues were discovered and reported by Vincent Haupert, a University of Erlangen-Nuernberg research fellow and Ph.D. student.
Had it not been for Vincent, the issues might have gone unnoticed until someone decided to benefit from them. The report of such security issues on the N26 platform also raises questions about the safety and reliability of electronic banking compared with cryptocurrency-based financial services.
The details of the security vulnerabilities were disclosed by Vincent at the Chaos Communication Congress in Hamburg. He said that the security shortcomings in the smartphone application enabled him and two of his colleagues to attack in multiple ways and hijack accounts belonging to individual customers.
By comparing N26 user information with compromised user credentials from an earlier Dropbox hack, Vincent and his team were able to use the company’s own software to identify credentials of over 33,000 N26 users. Disturbingly, they were able to do all this without tripping the platform’s anti-fraud systems.
Vincent was quoted by a news portal as saying,
“They say you can open a bank account in just eight minutes… As it turns out, you can lose it even faster.”
Since the attempt, they have reported the vulnerabilities to the N26 team, which has fixed them.
N26 is a celebrated startup, which is recognized by many as the future of banking. The N26 model allows it to operate like any other banking institution, catering globally without the requirement of physical branches. The platform, with the license issued by the financial regulatory authority in Germany, has so far gained over 200,000 customers and caters to 17 different European countries.
N26 has officially acknowledged Vincent’s contribution and thanked him and his team for informing them of the issues. The internet-only bank has also declared that customers’ personal data has always been secure and was never accessible to any third party. Vulnerabilities like this are not limited to N26. Many conventional banking institutions are also prone to similar issues, which makes conventional fiat-based banking much riskier than Bitcoin and cryptocurrency-based transactions.
Ref: Reuters | Image: NewsBTC