return icon

Exploitable security plagues digitalisation

Disruptive technologies spur the evolution in the financial landscape, with comprehensive applications providing convenient access to customers’ banking needs.

However, unbeknownst to many, hackers can easily find a way around the most common two-factor authentification methods.

Vietcombank’s (VCB) Digibank phone app.

Tran Viet Luan from Ho Chi Minh City had his account activated via Vietcombank’s (VCB) Digibank phone app, and within seven minutes, VND406 million ($17,650) was transferred to a beneficiary at MSB and SeABank.

Vietcombank’s VCB Digibank, launched in July, integrates the bank’s online trading platforms with its existing services. The state-owned lender believes the app will offer an excellent experience to customers.

Following this lead, most banks are upping the ante in consumer experience, with some trying to blend experiences from the physical and digital worlds.

For instance, VietinBank offers VietinBank iPay Mobile. Meanwhile, HSBC positioned its signature “Banking on the way” app that lets users conduct transactions wherever they are. Standard Chartered is also bringing cutting-edge solutions to customers such as biometrics logins, facial recognition, and fingerprint authentication.

However, security is a major concern for users since the potential for losses is huge. For example, after conducting his money transfer through VCB’s Digibank phone app, since Luan from Ho Chi Minh City did not receive an SMS with a verification code or any notification of the transaction, he was unaware of the money lost until he went to the bank for another transaction.

In another case, earlier this year, 24-year-old Phan The Anh from the north-central province of Thanh Hoa was arrested and sentenced to 30 months for illegally usurping others’ property. He and other fraudsters tricked victims to get a one-time-password (OTP) code, then transferred VND100 million ($4,350) from the victim’s account to their own.

Tricky technology

“During the last year, there have been many cases where hackers exploited the weaknesses of SMS OTP authentication,” said Nguyen Tu Quang, CEO of Bkav, a Vietnamese technology corporation specialised in cybersecurity, software, and smart electronic devices.

OTPs sent via SMS remain a common authentication method, despite siginficant security flaws that have been known for years. Most online transactions nowadays require some kind of two-step authentication, which usually include an OTP sent via SMS.

However, many apps now require access to one’s SMS, which compromises security. A malicious app that targets OTPs only needs two permissions: one to access the internet and another to intercept SMS. With these two very commonly required permissions, the security scans of app stores often miss potential threats.

“OTP theft is quite popular, and this risk typically occurs in two major ways. First and foremost, users’ cellphones could be infected by a malware. which can be used to tap into your messages containing the OTP,” economist Nguyen Tri Hieu told VIR. “Secondly, users could get duped into revealing their OTP by fraudsters. For instance, there are many messages, or online links that might trick users to share personal banking details. In some cases, fraudsters could pose as bank tellers, talking about renewing or upgrading existing credit or debit cards of the victims to get the OTP.”

He added that the biggest weakness of the SMS OTP method is the lack of anti-denial, meaning that the system cannot verify who is carrying out the transaction. For example, if a hacker lures a user to a fake money transfer page, all information the user enters will be passed on to the hacker. They will then have a login information and an OTP code to perform the transaction on another device. The system is incapable of determining who made the transaction.

Risks abound

Regarding the incident of Tran Viet Luan, the representative of Vietcombank said Luan’s account was activated with the VCB Digibank application on another device. Vietcombank reported that the carrier has sent a total of eight messages, including four confirmation messages and four balance changes to the Luan’s phone, which he did not receive. The incident is still being investigated.

Vo Do Thang, director of privately-run Athena Cyber Security Center, said that OTP attacks are quite frequent, not only in Vietnam but all over the world.

“However, the decisive factor of safety lies within the user, not the method,” Thang said, adding that the main reasons of account theft are personal mistakes and a lack of experience in self-protection. “Many people freely log in to public Wi-Fi or download spyware without knowing it. Hackers can fully exploit this habit to access the user’s OTP code. Two-layer security by OTP will become less secure if we use it on an insecure device,” said Thang.

When installing new software, it is advised to refrain from allowing too many permissions to applications, such as reading SMS or accessing the internet if not needed. In addition, smartphone users should also use anti-malware software.

Though digital signatures are popular around the world and used in many fields in Vietnam such as customs, insurance, and taxation, Cuong said this method has not been developed by banks due to legal barriers regarding the use of mobile phones. At the same time, OTP is far more superior to digital signatures in terms of convenience when making transactions between different devices.

Le Anh Dung, deputy director of the State Bank of Vietnam’s Payment Department, said he expects the Ministry of Information and Communications and the Ministry of Public Security will speed up their progress to complete a comprehensive decree on protecting personal data and electronic identification. VIR

Luu Huong

Facebook accounts vulnerable to Vietnamese hackers

Facebook accounts vulnerable to Vietnamese hackers

The account of the former footballer Ivanovic has been appropriated by Vietnamese hackers, raising concern about the security of Facebook accounts.

Security experts ask internet users to better protect themselves

Security experts ask internet users to better protect themselves

Truong Quynh Mai was terrified when she received a phone call saying she had been a victim of fraud in Ha Noi and needed to go to the local police station. 


Da Nang aims to attract ultra-wealthy

A livable city is certainly worth visiting, but a place worth visiting doesn’t mean it is livable. Da Nang City is striving to become a livable city and a destination for the ultra-wealthy.

Fake news, malicious information spread mostly via Google, Facebook

Some foreign companies providing cross-border services to Vietnam are still not preventing malicious information on their platforms.

Ministry proposes cuts to VAT, luxury taxes to help lower petrol prices

The Ministry of Finance (MOF) has submitted to the Prime Minister a plan to reduce the luxury tax and VAT on petroleum products in an effort to curb prices.

'Hop on Hop off' with Tinder Explore this summer

For the first time, young Tinder users joined an iconic double-decker bus ride, “Tinder Explore - Match Your Vibe bus", to explore exciting dating spots in HCM City.

Five local destinations win Asia’s Best Awards

Five Vietnamese destinations were named among the Top 10 leading cities and islands in the Southeast Asian region, as announced by US magazine Travel + Leisure’s Asia’s Best Awards 2022.

Vietnam to export passion fruits to China from July 1

The General Administration of Customs (GAC) of China has just approved the pilot import of Vietnamese passion fruits from July 1, according to the Vietnam Sanitary and Phytosanitary Notification Authority and Enquiry Point (SPS Vietnam).

The Moffatts and 911 schedule Hanoi performance

Some of the world’s leading bands, including The Moffatts and 911, are set to play a concert at Yen So Park-Gamuda Land in Hoang Mai district of Hanoi on August 6.

Transfermarkt names Quang Hai as local player highest market value

Vietnamese midfielder Nguyen Quang Hai has been valued at Є400,000, equal to VND10 billion, and tops the list of Vietnamese footballers with the highest market value, according to renowned German football site Transfermarkt.

Toy figurine making in Xuan La village

Xuan La village in Hanoi’s Phu Xuyen district has long been famous for making To He, a traditional toy made of rice powder. This is the only village in Vietnam that makes the toy figurine

Vietnam opposes and demands Taiwan to cancel live-fire drills on Ba Binh island

Vietnam resolutely opposes and demands Taiwan to cancel live-fire drills in the waters around Ba Binh island belonging to Vietnam’s Truong Sa (Spratly) archipelago and not to repeat similar violations in the future.

Calligraphy book on poet Nguyen Dinh Chieu recognised as world record

WorldKings and Vietkings on July 1 recognised Collection of Nguyen Dinh Chieu’s Poems, a calligraphy book on poet Nguyen Dinh Chieu as the largest calligraphy book in Vietnamese of poet Chieu's poems in the world.

Hanoi market sees strong development in premium offices

Office real estate is thriving, with new Grade A buildings entering the Hanoi market at the end of the year, according to Savills Vietnam.

Vietnam's HDPE pellets not subject to safeguarding duties in Philippines

The Philippine Tariff Commission (TC) has announced the final conclusion on a safeguard investigation on High-Density Polyethylene (HDPE) pellets imported from many countries, including Vietnam.

NA deputy: drug bidding mechanism is unreasonable

Pham Khanh Phong Lan, a National Assembly from HCM City, said the problems in the healthcare sector have existed for a long time but became even clearer during Covid-19.

Vietnam looks forwards to stronger investment from US, Europe

Vietnam is hoping to attract more investment from the US, Europe and major global enterprises under a recently approved strategy on foreign investment cooperation.