IVRS vulnerable to hacking: Experts
Panaji: The phone based interactive voice response systems used by banks are vulnerable to data theft and manipulation of information, warn some cyber experts.
The vulnerabilities of Interactive Voice Response System (IVRS) were exposed at the Nullcon-- a conference of cyber security personnel attended by ethical hackers, government officials, intelligence organisations and cyber security firms here.
A leading cyber security expert explained today how IVRS can be a hacker`s paradise for stealing anyone`s personal information using their phones as these systems remain mostly unaudited and lack key security features.
Rahul Sasi, a cyber security expert and a member of global community garage4hackers.com, said one of the major lacunae with the IVRS is lack of confirmation procedure whether data is entered by human or machine -- called as capatcha.
Through a computer program, he explained how easy it was to get an account number and four digit ATM pin code in a phone banking system as the IVRS could not detect whether data was entered by a human user or a computer.
"Since there is no capatcha, method in which simple questions are asked like 1+1 equals to what, which are common in computer based systems to determine whether user is human or machine one can enter loads of permutations as account number and passwords to get a new password using softwares," he said and also gave a demonstration on how he managed to enter into his own account using the method.
"The worst part is most of these phone banking methods are usually unaudited for security checks and the programs are also not up to the mark, making them vulnerable," Sasi told PTI.
He said although through phone banking the hackers have only characters from 0-9 besides star and hash key but even then they can be used to enter complex commands to infect the system with virus.
23-year-old Sasi is working in the field of cyber security for last six years and is a known name in the field of ethical hackers who are exposing vulnerability of computer systems used by various organisation including the government agencies.
"I found that no one was paying attention to vulnerability of IVRS because it was considered safe. With some perseverance I was able to find the loop holes. It is important that security audits are done for the IVRS also just like web based applications.
"In the absence of these we could not know if such cases happened in banks. Our job is to expose vulnerability now its their job to pull up their socks and install security measures," he said.
More from India
More from World
More from Sports
More from Entertaiment
- Is population control next on central govt's agenda after demonetization?
- Watch: Jayalalithaa's last rites performed by her close friend and aide Sasikala Natarajan
- Jayalalithaa's funeral procession: Sea of mourners gather to pay last respects
- Watch: Tracing the journey of late Tamil Nadu CM Jayalalithaa from films to politics
- DNA: Know why Jayalalithaa was buried and not cremated
- RIP Amma: Jayalalithaa dies after 75 days in hospital; Tamil Nadu mourns
- Twitter users blast Arvind Kejriwal as he says 'Modi will never appoint a Muslim Vice President no matter what Jung does'
- RBI to issue new Rs 100 banknotes, old notes to continue as legal tender
- Airtel’s free 4G internet offer may be a ploy to steal your data
- J Jayalalithaa passes away: Know what all she left behind in assets