The net exposure of the Bank to pay the loopholes in the suspected SMS CAPTCHA by hackers hijacking-vulnerability warning-the black bar safety net

2015-07-20T00:00:00
ID MYHACK58:62201564837
Type myhack58
Reporter 佚名
Modified 2015-07-20T00:00:00

Description

Recently, the media exposed the Bank to pay the presence of vulnerabilities. The criminals forcibly opened the depositors of the Bank only with the SMS verification code to transactions of the“e payment”service, with illegally intercepting SMS verification code, easily removed the card money.

! ICBC to pay gaps opening“e pay”for authentication will be stolen Industry news

As shown in Figure below.

! Net exposure of the Bank to pay the loopholes in the suspected SMS CAPTCHA by hackers hijacking

【ICBC pay gaps】ICBC pay for the presence of vulnerabilities, which is exactly what is going on? If there is a vulnerability of the Bank to take those measures?

It is reported that from 6 to mid-7 in early May, a number of Beijing of the ICBC depositors suffered a Deposit stolen events. And in such cases a large common, is that depositors are mostly the criminals forcibly opened by the Bank only with the SMS verification code to transactions of the“e payment”service. At the same time, criminals by means of illegal ways to intercept SMS verification code, ease of theft of deposits.

Many industry insiders believe that, in such cases the key is that the Bank fast payment will SMS a verification code as authentication code, which carries its own risks, the SMS verification code easily be stolen, which is the shortcut to pay to bury the risk of hazards.