It was only last week that we applauded banks for introducing cardless ATMs in an effort to curb financial fraud. But with the latest bank heists, it may help to turn up the offense and defense. Why? Hackers were able to drill a hole, connect a wire, cover it up with a sticker and the ATM will automatically and obediently dispense thousands. Another group of enterprising hackers changed a bank’s DNS, taking over their website and mobile sites, redirecting customers to phishing sites.
But let’s be honest and realistic. Bank security is no easy feat. They’re complicated systems with a large attack surface to defend. Whereas attackers only need to find one vulnerability, sprinkle it with technical expertise, and gets to decide when and how the attack happens. Moreover, they don’t have to worry about bureaucracy, meeting compliance and following laws. The bottom-line is that attackers have more flexibility and are more agile.
In addition to evolving bank security threats, we also covered the following:
- Android overtakes Windows as the internet’s most used operating system
- Whose responsibility is it to revoked SSL certificates if they’re obvious phishing sites?
- Your smart TV doesn’t need to be connected to the internet to have a security fail
- Connecting technology with textiles to create smart textiles is an ambitious task!
Tool of the week: ngrok, secure introspected tunnels to localhost
- Follow the Inside Out Security Show panel on Twitter @infosec_podcast
- Add us to your favorite podcasting app: