Exploitable security plagues digitalisation

Disruptive technologies spur the evolution in the financial landscape, with comprehensive applications providing convenient access to customers’ banking needs.

However, unbeknownst to many, hackers can easily find a way around the most common two-factor authentification methods.

Exploitable security plagues digitalisation
Vietcombank’s (VCB) Digibank phone app.

Tran Viet Luan from Ho Chi Minh City had his account activated via Vietcombank’s (VCB) Digibank phone app, and within seven minutes, VND406 million ($17,650) was transferred to a beneficiary at MSB and SeABank.

Vietcombank’s VCB Digibank, launched in July, integrates the bank’s online trading platforms with its existing services. The state-owned lender believes the app will offer an excellent experience to customers.

Following this lead, most banks are upping the ante in consumer experience, with some trying to blend experiences from the physical and digital worlds.

For instance, VietinBank offers VietinBank iPay Mobile. Meanwhile, HSBC positioned its signature “Banking on the way” app that lets users conduct transactions wherever they are. Standard Chartered is also bringing cutting-edge solutions to customers such as biometrics logins, facial recognition, and fingerprint authentication.

However, security is a major concern for users since the potential for losses is huge. For example, after conducting his money transfer through VCB’s Digibank phone app, since Luan from Ho Chi Minh City did not receive an SMS with a verification code or any notification of the transaction, he was unaware of the money lost until he went to the bank for another transaction.

In another case, earlier this year, 24-year-old Phan The Anh from the north-central province of Thanh Hoa was arrested and sentenced to 30 months for illegally usurping others’ property. He and other fraudsters tricked victims to get a one-time-password (OTP) code, then transferred VND100 million ($4,350) from the victim’s account to their own.

Tricky technology


“During the last year, there have been many cases where hackers exploited the weaknesses of SMS OTP authentication,” said Nguyen Tu Quang, CEO of Bkav, a Vietnamese technology corporation specialised in cybersecurity, software, and smart electronic devices.

OTPs sent via SMS remain a common authentication method, despite siginficant security flaws that have been known for years. Most online transactions nowadays require some kind of two-step authentication, which usually include an OTP sent via SMS.

However, many apps now require access to one’s SMS, which compromises security. A malicious app that targets OTPs only needs two permissions: one to access the internet and another to intercept SMS. With these two very commonly required permissions, the security scans of app stores often miss potential threats.

 

“OTP theft is quite popular, and this risk typically occurs in two major ways. First and foremost, users’ cellphones could be infected by a malware. which can be used to tap into your messages containing the OTP,” economist Nguyen Tri Hieu told VIR. “Secondly, users could get duped into revealing their OTP by fraudsters. For instance, there are many messages, or online links that might trick users to share personal banking details. In some cases, fraudsters could pose as bank tellers, talking about renewing or upgrading existing credit or debit cards of the victims to get the OTP.”

He added that the biggest weakness of the SMS OTP method is the lack of anti-denial, meaning that the system cannot verify who is carrying out the transaction. For example, if a hacker lures a user to a fake money transfer page, all information the user enters will be passed on to the hacker. They will then have a login information and an OTP code to perform the transaction on another device. The system is incapable of determining who made the transaction.

Risks abound


Regarding the incident of Tran Viet Luan, the representative of Vietcombank said Luan’s account was activated with the VCB Digibank application on another device. Vietcombank reported that the carrier has sent a total of eight messages, including four confirmation messages and four balance changes to the Luan’s phone, which he did not receive. The incident is still being investigated.

Vo Do Thang, director of privately-run Athena Cyber Security Center, said that OTP attacks are quite frequent, not only in Vietnam but all over the world.

“However, the decisive factor of safety lies within the user, not the method,” Thang said, adding that the main reasons of account theft are personal mistakes and a lack of experience in self-protection. “Many people freely log in to public Wi-Fi or download spyware without knowing it. Hackers can fully exploit this habit to access the user’s OTP code. Two-layer security by OTP will become less secure if we use it on an insecure device,” said Thang.

When installing new software, it is advised to refrain from allowing too many permissions to applications, such as reading SMS or accessing the internet if not needed. In addition, smartphone users should also use anti-malware software.

Though digital signatures are popular around the world and used in many fields in Vietnam such as customs, insurance, and taxation, Cuong said this method has not been developed by banks due to legal barriers regarding the use of mobile phones. At the same time, OTP is far more superior to digital signatures in terms of convenience when making transactions between different devices.

Le Anh Dung, deputy director of the State Bank of Vietnam’s Payment Department, said he expects the Ministry of Information and Communications and the Ministry of Public Security will speed up their progress to complete a comprehensive decree on protecting personal data and electronic identification. VIR

Luu Huong

Facebook accounts vulnerable to Vietnamese hackers

Facebook accounts vulnerable to Vietnamese hackers

The account of the former footballer Ivanovic has been appropriated by Vietnamese hackers, raising concern about the security of Facebook accounts.

Security experts ask internet users to better protect themselves

Security experts ask internet users to better protect themselves

Truong Quynh Mai was terrified when she received a phone call saying she had been a victim of fraud in Ha Noi and needed to go to the local police station. 

 
 

Other News

.
Boeing to bring more technologies to local airlines
Boeing to bring more technologies to local airlines
BUSINESSicon  18/10/2020 

To cope with the COVID-19 pandemic, Boeing has sped up its ecoDemonstrator programme to support its partner airlines, including those in Vietnam.

VN has been active as foreign companies plan investment relocation
VN has been active as foreign companies plan investment relocation
BUSINESSicon  18/10/2020 

Vietnam has been seen as an ideal destination for foreign companies looking for elsewhere to relocate production channels in a bid to diversify their supply chains in the post-Coronavirus pandemic.

MoIT helps enterprises deal with increasing trade remedy cases
MoIT helps enterprises deal with increasing trade remedy cases
BUSINESSicon  17/10/2020 

Vietnam’s export goods face more trade remedies in the process of deep economic integration, so the Ministry of Industry and Trade has developed solutions for the situation.

ASEAN pushes forward with 5G connectivty cooperation
ASEAN pushes forward with 5G connectivty cooperation
BUSINESSicon  17/10/2020 

As ASEAN chair this year, Vietnam is playing a crucial role in further cementing joint activities within the bloc via boosting the application of high technologies to adapt to Industry 4.0, which is sweeping throughout the region.

Real estate stocks await cash flow
Real estate stocks await cash flow
BUSINESSicon  17/10/2020 

Domestic and foreign capital flow is expected to bolster real estate shares after the COVID-19 pandemic as many investors are paying attention to the industry.

Online exports require professionalism
Online exports require professionalism
BUSINESSicon  17/10/2020 

Using online platforms to boost exports is the fastest way to bring Vietnamese goods to the world, said business leaders and industry experts.

Vietnam to become the 4th largest economy in Southeast Asia: IMF
Vietnam to become the 4th largest economy in Southeast Asia: IMF
BUSINESSicon  17/10/2020 

Vietnam's GDP is estimated to reach US$340.6 billion this year, making it the fourth-largest economy in Southeast Asia.

The dark future of hotels on 'golden land' in Hanoi
The dark future of hotels on 'golden land' in Hanoi
BUSINESSicon  18/10/2020 

A series of hotels have had to cancel their opening plans this year because of Covid-19. Many hotels have been put up for sale because of poor patronage.

Special day for two billionaires: mountains of money pouring in
Special day for two billionaires: mountains of money pouring in
BUSINESSicon  18/10/2020 

Techcombank share prices have soared, while the Hoa Phat Group of the billionaire Tran Dinh Long has reported a record 30-year profit. The prosperity of these enterprises has helped their owners earn more money despite Covid-19.

Many hoteliers intend to divest capital due to heavy losses
Many hoteliers intend to divest capital due to heavy losses
BUSINESSicon  16/10/2020 

Over the past eight months, hotel room tariffs have plunged and hotel room occupancy rates have remained low, forcing several hoteliers to divest capital with many financially weak hotels in the local market being put up for sale.

Meeting expectations of the corporate bond market
Meeting expectations of the corporate bond market
BUSINESSicon  16/10/2020 

A new government decree tightens conditions on the issuance of corporate bonds. However, before the decree came into effect, enterprises flooded the market with new issuances.

M&A activities signal promising fortunes
M&A activities signal promising fortunes
BUSINESSicon  17/10/2020 

Although merger and acquisition levels dropped in 2020 across Vietnam, the prospect for such activities remain bright for next year as overseas investors look to local businesses in order to improve market access.

Thai billionaire, European brewer lose money in Sabeco investment deal
Thai billionaire, European brewer lose money in Sabeco investment deal
BUSINESSicon  16/10/2020 

The Sabeco price has seen a strong recovery in the last half a year, but is still at a low price. Both Thai billionaire and the big brewer Heineken have lost money because of the drop in Sabeco share price.

Investors lose billions of VND as land prices keep rising
Investors lose billions of VND as land prices keep rising
FEATUREicon  17/10/2020 

A lot of real estate traders have missed opportunities to make huge profits because they decided to postpone purchasing plans, hoping that prices would decrease further.

Salary increases in 2020 lowest in 10 years: survey
Salary increases in 2020 lowest in 10 years: survey
BUSINESSicon  16/10/2020 

Salaries increased by 6.5% this year at multinational companies (MNCs) and 5.2% at Vietnamese companies, and are forecast to increase by 7 per cent and 7.7% next year, according to the Talentnet – Mercer Total Remuneration Survey.

The right structural adjustments help Vietnam achieve long-term growth aspirations
The right structural adjustments help Vietnam achieve long-term growth aspirations
BUSINESSicon  17/10/2020 

No nation has escaped the threat of COVID-19 to lives and livelihoods, with many countries seeing cases resurge recently. 

State firms more resilient than foreign, Vietnamese private companies: survey
State firms more resilient than foreign, Vietnamese private companies: survey
BUSINESSicon  15/10/2020 

Business resilience is highly correlated with level of digitisation, the Business Pandemic Resilience Diagnostic conducted by Grant Thornton...

Pandemic a test of fire for Vietnamese enterprises
Pandemic a test of fire for Vietnamese enterprises
BUSINESSicon  15/10/2020 

The COVID-19 pandemic has been a test for Vietnamese businesses as many have been and will be struggling to recover for the foreseeable future. 

Five expy projects unlikely to attract private investors
Five expy projects unlikely to attract private investors
BUSINESSicon  15/10/2020 

Although the National Assembly Standing Committee has given its approval to switch three of the eight subprojects of the North-South Expressway from the public-private partnership (PPP) format into wholly State-invested, 

Only 5% FDI projects in Vietnam use high technologies
Only 5% FDI projects in Vietnam use high technologies
BUSINESSicon  15/10/2020 

Vietnam is home to 32,539 valid foreign direct investment (FDI) projects with registered capital of a combined US$381 billion, of which US$233 billion has been fully disbursed.

 
 
 
Leave your comment on an article

OR QUICK LOGIN