A Wi-Fi security flaw has been fixed in AIB branches where a pilot exercise involving tablet computers was being rolled out, the bank confirmed.
A customer had spotted a vulnerability in how the wireless network was set up in one of the branches and warned the bank that a loophole existed for a potential attacker to exploit.
The bank told Silicon Republic that it was satisfied there was no risk to customer data and that no breach occurred.
The customer who spotted the vulnerability also happened to be an IT security consultant.
Following the tip-off, the security flaw was identified and more stringent methods were being applied by the bank, a spokesperson told Silicon Republic.
Avoid common mistakes when it comes to Wi-Fi security
Security expert Tom O’Connor from Lan.ie happened to be in his local branch in Navan, Co Meath, and had been advised by a teller to input his details via a Samsung tablet in the branch.
“I noticed that I was connecting over an Eircom Wi-Fi connection. I was then shocked to see the same Wi-Fi connection was available to the public without a password,” O’Connor said.
“Using a web app on my phone which tells me information of the network I am connected to, the app listed all the tablets on the network and the Zytel router along with their local IP information. The machines were all behind the one DNS gateway.”
The danger O’Connor warned of was that an attacker could poison the DNS gateway and route traffic through their personal device rather than the Zytel router.
He said that this is a common mistake when IT providers deploy Secure Sockets Layer (SSL) security, because there is an assumption that the data is secure and encrypted.
Pilot tablet banking project
AIB said that the pilot project involving Wi-Fi-connected tablets in branches is only at an early stage and thanked O’Connor for his observation.
“We are always enormously grateful when our customers take the time to give us their views on how we can improve our services to them.
“AIB has been conducting a pilot tablet banking project in a small number of branches. AIB has in place many levels of assurance to protect our customers’ financial information.
“We are very aware of the security implications highlighted by the consultant.
“We regularly test new solutions with customers to gauge their feedback and provide additional levels of assurance for such customer pilots before we progress to full rollout of services.
“It's always very useful to receive feedback to ensure our banking solutions meet our customer needs,” AIB told Silicon Republic.