return icon

Exploitable security plagues digitalisation

Disruptive technologies spur the evolution in the financial landscape, with comprehensive applications providing convenient access to customers’ banking needs.

However, unbeknownst to many, hackers can easily find a way around the most common two-factor authentification methods.

Vietcombank’s (VCB) Digibank phone app.

Tran Viet Luan from Ho Chi Minh City had his account activated via Vietcombank’s (VCB) Digibank phone app, and within seven minutes, VND406 million ($17,650) was transferred to a beneficiary at MSB and SeABank.

Vietcombank’s VCB Digibank, launched in July, integrates the bank’s online trading platforms with its existing services. The state-owned lender believes the app will offer an excellent experience to customers.

Following this lead, most banks are upping the ante in consumer experience, with some trying to blend experiences from the physical and digital worlds.

For instance, VietinBank offers VietinBank iPay Mobile. Meanwhile, HSBC positioned its signature “Banking on the way” app that lets users conduct transactions wherever they are. Standard Chartered is also bringing cutting-edge solutions to customers such as biometrics logins, facial recognition, and fingerprint authentication.

However, security is a major concern for users since the potential for losses is huge. For example, after conducting his money transfer through VCB’s Digibank phone app, since Luan from Ho Chi Minh City did not receive an SMS with a verification code or any notification of the transaction, he was unaware of the money lost until he went to the bank for another transaction.

In another case, earlier this year, 24-year-old Phan The Anh from the north-central province of Thanh Hoa was arrested and sentenced to 30 months for illegally usurping others’ property. He and other fraudsters tricked victims to get a one-time-password (OTP) code, then transferred VND100 million ($4,350) from the victim’s account to their own.

Tricky technology

“During the last year, there have been many cases where hackers exploited the weaknesses of SMS OTP authentication,” said Nguyen Tu Quang, CEO of Bkav, a Vietnamese technology corporation specialised in cybersecurity, software, and smart electronic devices.

OTPs sent via SMS remain a common authentication method, despite siginficant security flaws that have been known for years. Most online transactions nowadays require some kind of two-step authentication, which usually include an OTP sent via SMS.

However, many apps now require access to one’s SMS, which compromises security. A malicious app that targets OTPs only needs two permissions: one to access the internet and another to intercept SMS. With these two very commonly required permissions, the security scans of app stores often miss potential threats.

“OTP theft is quite popular, and this risk typically occurs in two major ways. First and foremost, users’ cellphones could be infected by a malware. which can be used to tap into your messages containing the OTP,” economist Nguyen Tri Hieu told VIR. “Secondly, users could get duped into revealing their OTP by fraudsters. For instance, there are many messages, or online links that might trick users to share personal banking details. In some cases, fraudsters could pose as bank tellers, talking about renewing or upgrading existing credit or debit cards of the victims to get the OTP.”

He added that the biggest weakness of the SMS OTP method is the lack of anti-denial, meaning that the system cannot verify who is carrying out the transaction. For example, if a hacker lures a user to a fake money transfer page, all information the user enters will be passed on to the hacker. They will then have a login information and an OTP code to perform the transaction on another device. The system is incapable of determining who made the transaction.

Risks abound

Regarding the incident of Tran Viet Luan, the representative of Vietcombank said Luan’s account was activated with the VCB Digibank application on another device. Vietcombank reported that the carrier has sent a total of eight messages, including four confirmation messages and four balance changes to the Luan’s phone, which he did not receive. The incident is still being investigated.

Vo Do Thang, director of privately-run Athena Cyber Security Center, said that OTP attacks are quite frequent, not only in Vietnam but all over the world.

“However, the decisive factor of safety lies within the user, not the method,” Thang said, adding that the main reasons of account theft are personal mistakes and a lack of experience in self-protection. “Many people freely log in to public Wi-Fi or download spyware without knowing it. Hackers can fully exploit this habit to access the user’s OTP code. Two-layer security by OTP will become less secure if we use it on an insecure device,” said Thang.

When installing new software, it is advised to refrain from allowing too many permissions to applications, such as reading SMS or accessing the internet if not needed. In addition, smartphone users should also use anti-malware software.

Though digital signatures are popular around the world and used in many fields in Vietnam such as customs, insurance, and taxation, Cuong said this method has not been developed by banks due to legal barriers regarding the use of mobile phones. At the same time, OTP is far more superior to digital signatures in terms of convenience when making transactions between different devices.

Le Anh Dung, deputy director of the State Bank of Vietnam’s Payment Department, said he expects the Ministry of Information and Communications and the Ministry of Public Security will speed up their progress to complete a comprehensive decree on protecting personal data and electronic identification. VIR

Luu Huong

Facebook accounts vulnerable to Vietnamese hackers

Facebook accounts vulnerable to Vietnamese hackers

The account of the former footballer Ivanovic has been appropriated by Vietnamese hackers, raising concern about the security of Facebook accounts.

Security experts ask internet users to better protect themselves

Security experts ask internet users to better protect themselves

Truong Quynh Mai was terrified when she received a phone call saying she had been a victim of fraud in Ha Noi and needed to go to the local police station. 


SOE equitization: investors target ‘golden land’ owned by enterprises

Some state-owned enterprises (SOEs), after equitization, have changed their production and business models to exploit advantages in land, thus ‘killing’ their core businesses.

GameFi has potential to attract billions of dollars worth of foreign capital

To help promote development of Vietnam’s startups, Blockchain-based game projects can also help attract foreign capital, another source for tax collection.


15th National Assembly to commence third session on May 23


AMRO forecasts Vietnam’s strong recovery amidst external headwinds

Vietnam unveils national costume for Miss International Queen 2022

Vietnamese representative Phung Truong Tran Dai officially unveiled an outfit that she will wear during the National Costume Competition at the Miss International Queen 2022 pageant set to take place in June in Thailand.

Exploring the unspoiled beauty of Du Gia

The striking beauty, peaceful nature and fresh air of Du Gia Village in Ha Giang Province never ceases to enchant travelers.

Vietnamese stocks see world-leading growth

The surge of several leading stocks is deemed as a driving force for Vietnam's stock market achieving the world's strongest gains.

Lam Kinh ancient royal capital holds feudal mysteries

The special national relic site of the Lam Kinh ancient royal capital of the Later Le Dynasty in Thanh Hoa's Tho Xuan District harbours mysterious tales about one of the most significant Vietnamese feudal reigns.

Artist goes bananas with rustic artworks

Dried banana bark might sound useless to many, but by using his creativity and skill, artist Phan Van Dac in Quang Binh Province creates vivid landscapes and soulful portraits.

Vietnam Airlines posts VND2.6-trillion net loss in Q1

Vietnam Airlines reported a net loss of over VND2.6 trillion in the first quarter of 2022, sending the national flag carrier’s accumulated loss up to VND24.5 trillion, or over US$1 billion.

Developers clamour for legal clarity

Real estate leaders suggest that detailed regulations are needed to promote a healthy condotel, officetel, and resort villa sector in Vietnam.

Soaring petrol price impacting multitude of industries

A surge in the world’s oil price is benefiting oil and gas businesses, but causing difficulties for other producers and pressurising the government’s efforts to rein in inflation.

Preserving the Mekong Delta's floating markets

The Mekong Delta's famed floating markets, where speciality products are sold on boats, provide a unique environment thatnbsp;is popular amongnbsp;both local and foreign visitors.

Lifebuoys available on rivers to prevent drowing

Tens of red and white lifebuoys have recently been hung on Long Bien Bridge crossing the Red River, Hanoi by a group of volunteers in the hope of saving drowning victims.

Urgent action needed on primate protection

A report by ENV showed that only 30% of total poaching violations in Vietnam were discovered, while 70% were unknown, meaning that the number of the langurs hunted in the forest was unclear.