IVRS vulnerable to hacking: Experts
Panaji: The phone based interactive voice response systems used by banks are vulnerable to data theft and manipulation of information, warn some cyber experts.
The vulnerabilities of Interactive Voice Response System (IVRS) were exposed at the Nullcon-- a conference of cyber security personnel attended by ethical hackers, government officials, intelligence organisations and cyber security firms here.
A leading cyber security expert explained today how IVRS can be a hacker`s paradise for stealing anyone`s personal information using their phones as these systems remain mostly unaudited and lack key security features.
Rahul Sasi, a cyber security expert and a member of global community garage4hackers.com, said one of the major lacunae with the IVRS is lack of confirmation procedure whether data is entered by human or machine -- called as capatcha.
Through a computer program, he explained how easy it was to get an account number and four digit ATM pin code in a phone banking system as the IVRS could not detect whether data was entered by a human user or a computer.
"Since there is no capatcha, method in which simple questions are asked like 1+1 equals to what, which are common in computer based systems to determine whether user is human or machine one can enter loads of permutations as account number and passwords to get a new password using softwares," he said and also gave a demonstration on how he managed to enter into his own account using the method.
"The worst part is most of these phone banking methods are usually unaudited for security checks and the programs are also not up to the mark, making them vulnerable," Sasi told PTI.
He said although through phone banking the hackers have only characters from 0-9 besides star and hash key but even then they can be used to enter complex commands to infect the system with virus.
23-year-old Sasi is working in the field of cyber security for last six years and is a known name in the field of ethical hackers who are exposing vulnerability of computer systems used by various organisation including the government agencies.
"I found that no one was paying attention to vulnerability of IVRS because it was considered safe. With some perseverance I was able to find the loop holes. It is important that security audits are done for the IVRS also just like web based applications.
"In the absence of these we could not know if such cases happened in banks. Our job is to expose vulnerability now its their job to pull up their socks and install security measures," he said.
More from India
More from World
More from Sports
More from Entertaiment
- PM Modi speaks at Golden Jubilee celebrations of poet Dinkar’s works
- Vadodara: Policemen seen dancing with bar girls
- Coal scam: Naveen Jindal, Madhu Koda and others get bail
- DNA: IAF Mirage 2000 fighter plane lands successfully on Yamuna expressway
- Zee Media Exclusive: Kangana, Madhavan talk about their film 'Tanu Weds Manu Returns'
- One year of Modi govt: Arun Jaitley addresses press conference
- DNA: Osama documents show 'Indian brother in Madinah' financed al Qaeda
- DNA: Harmful chemicals found in Maggi, Nestle India still in denial mode
- ISIS executes Syrian fighter using anti-tank rocket launcher
- CM Kejriwal shortlists 39 'unwanted' IAS officers in Delhi
- Zee Media Exclusive interview with Congress leader Kamal Nath
- Columbia student takes rape-protest mattress to graduation
- Mumbai: One injured in shootout at Film City
- DNA: Modi-led NDA govt's hits and misses in one year
- Delhi: Car catches fire after crash, one dead
- Jayalalithaa makes public appearance, meets Governor: As it happened
- IPL 2015, Qualifier 2: CSK vs RCB - As it happened...
- India to soon have its own space shuttle!
- Kejriwal slams notification on LG's powers, says Modi running Delhi govt through back door
- Tanu Weds Manu Returns movie review: Brilliant execution, superb performance!
- Manohar Parrikar meets troops at Siachen base camp
- Wbbse.org 10th Madhyamik Pariksha Results 2015: West Bengal Board (wbresults.nic.in) Class 10th, WB MP Results 2015 to be announced today shortly
- Businessman shot next to Amitabh Bachchan's shooting location in Mumbai Film City
- Rahul Gandhi to pressurise govt to act on one-rank-one-pension issue
- PM Narendra Modi graces Digvijay Singh's son wedding reception
- West Bengal Board (wbbse.org & wbresults.nic.in) Class 10th Madhyamik Pariksha (MP) Results 2015 to be announced today at 10 AM
- Rajasthan Board RBSE 12th Inter Results 2015: BSER Ajmer (rajeduboard.nic.in & rajresults.nic.in) Senior Secondary Class 12th Science & Commerce Exam Results 2015 to be declared today at 2 PM
- RBSE 12th Results 2015 (rajeduboard.nic.in & rajresults.nic.in): Rajasthan Board BSER Ajmer Senior Secondary Class 12th XII Intermediate Science & Commerce Exam Results 2015 to be declared today on May 22
- After land bill, net neutrality, Rahul Gandhi to fight for ex-servicemen now
- SC asks Haryana Police to quickly finish AIPMT paper leak probe