IVRS vulnerable to hacking: Experts
Panaji: The phone based interactive voice response systems used by banks are vulnerable to data theft and manipulation of information, warn some cyber experts.
The vulnerabilities of Interactive Voice Response System (IVRS) were exposed at the Nullcon-- a conference of cyber security personnel attended by ethical hackers, government officials, intelligence organisations and cyber security firms here.
A leading cyber security expert explained today how IVRS can be a hacker`s paradise for stealing anyone`s personal information using their phones as these systems remain mostly unaudited and lack key security features.
Rahul Sasi, a cyber security expert and a member of global community garage4hackers.com, said one of the major lacunae with the IVRS is lack of confirmation procedure whether data is entered by human or machine -- called as capatcha.
Through a computer program, he explained how easy it was to get an account number and four digit ATM pin code in a phone banking system as the IVRS could not detect whether data was entered by a human user or a computer.
"Since there is no capatcha, method in which simple questions are asked like 1+1 equals to what, which are common in computer based systems to determine whether user is human or machine one can enter loads of permutations as account number and passwords to get a new password using softwares," he said and also gave a demonstration on how he managed to enter into his own account using the method.
"The worst part is most of these phone banking methods are usually unaudited for security checks and the programs are also not up to the mark, making them vulnerable," Sasi told PTI.
He said although through phone banking the hackers have only characters from 0-9 besides star and hash key but even then they can be used to enter complex commands to infect the system with virus.
23-year-old Sasi is working in the field of cyber security for last six years and is a known name in the field of ethical hackers who are exposing vulnerability of computer systems used by various organisation including the government agencies.
"I found that no one was paying attention to vulnerability of IVRS because it was considered safe. With some perseverance I was able to find the loop holes. It is important that security audits are done for the IVRS also just like web based applications.
"In the absence of these we could not know if such cases happened in banks. Our job is to expose vulnerability now its their job to pull up their socks and install security measures," he said.
Download the all new Zee News app for Android and iOS to stay up to date with latest headlines and news stories in Politics, Entertainment, Sports, Technology, Business and much more from India and around the world.
More from India
More from World
More from Sports
More from Entertaiment
- DNA: Heart-wrenching reality of Kashmiri pandits
- DNA: Bengaluru's Mount Carmel college students show country's ideology to Rahul Gandhi
- Proud to be an Indian, no plans to leave the country, says Aamir Khan
- Rahul Gandhi's embarrassment in front of Bengaluru college students
- DNA: Aamir Khan clarifies his love towards nation but sticks to previous statement
- Yuvraj Singh completes 8000 runs in first class cricket
- Eat smart to slow down ageing and increase longevity!
- Intolerance issue: Those attacking me are only proving my point, says Aamir Khan – Read full statement
- Woman commits suicide after heated discussion with husband over Aamir Khan's intolerance remark
- Delhi gang-rape: Show juvenile rapist's face to the world, demand Nirbhaya's parents