Researchers: ABN Amro app contained a serious vulnerability

The Android application of ABN Amro, which lets customers transfer money, contained a security vulnerability that made man-in-the-middle attacks possible. The application did not check whether the SSL certificate in use was correct.

The ABN Amro app for Android checked whether an SSL certificate was present, but not whether the domain name for which the certificate was issued was correct. That is what students of the University of Amsterdam write in their research paper. The paper dates from December, but has only now been made public by the university.

Because the domain for which the certificate was issued was not checked, it was possible for a malicious party to decrypt the transmitted data. To do so, he or she would first have to intercept the user's internet connection via a man-in-the-middle attack, for example through a rogue Wi-Fi hotspot.
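The difference between the two checks described above, as an added Python sketch that is not code from the app or from the students' paper. The certificates are constructed samples in the dict shape returned by `ssl.SSLSocket.getpeercert()`, and the host names and function names are placeholders chosen for illustration.

```python
# Added illustration: certificates are constructed samples in the dict shape
# returned by ssl.SSLSocket.getpeercert(); all host names are placeholders.
BANK_HOST = "mobile.bank.example"
BANK_CERT = {"subjectAltName": (("DNS", "bank.example"), ("DNS", "*.bank.example"))}
HOTSPOT_CERT = {"subjectAltName": (("DNS", "hotspot.example"),)}


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one DNS subjectAltName entry with the host the client dialled."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard only as the whole leftmost label, never directly above a TLD.
        return len(p_labels) >= 3 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "m*.bank.example" are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if any DNS subjectAltName in the certificate covers hostname."""
    return any(kind == "DNS" and _dns_name_matches(value, hostname)
               for kind, value in cert.get("subjectAltName", ()))


def accept_chain_only(cert: dict, chain_trusted: bool) -> bool:
    """The incomplete check: any certificate from a trusted CA is accepted."""
    return chain_trusted


def accept_chain_and_host(cert: dict, chain_trusted: bool, hostname: str) -> bool:
    """The complete check: trusted chain AND issued for the host being contacted."""
    return chain_trusted and hostname_matches(cert, hostname)


if __name__ == "__main__":
    # A validly issued certificate for an unrelated domain, presented for BANK_HOST.
    print("chain only:    ", accept_chain_only(HOTSPOT_CERT, True))
    print("chain and host:", accept_chain_and_host(HOTSPOT_CERT, True, BANK_HOST))
```

In production code the TLS library's own verification should do this work; Python's `ssl.create_default_context()`, for instance, enables hostname checking by default.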

On 17 December, a few days after the students reported their findings to the bank, a patched version was released. Users who have not updated their app are still vulnerable, however, the university notes. It is unclear why the bank does not block customers with an insecure version of the application. The bank could not be reached for comment.

It is the second security issue at ABN Amro in half a year. In August, it proved possible to crack the device that is used to verify the customer's identity. Transactions could be manipulated, allowing attackers to divert money to their own account. Last year it emerged that ING's banking app did not check the bank's SSL certificate.