Online banking customers urged to update software after Apple security flaw
ONLINE banking customers are more vulnerable to fraud than ever, experts have warned, following news of a major security issue in Apple software.
Consumers and businesses using iPads, iPhones and other Apple machinery are now being urged to update their devices, or leave themselves vulnerable to "phishing" attempts and other forms of online fraud. Email and online banking customers are thought to be particularly vulnerable.
The security flaw in question was only detected late last week – "but we think it's been there for a couple of months at least", said Mike Harris, cybersecurity partner at Grant Thornton. It was caused by a single line of code that was accidentally duplicated.
The flaw allows critical checks on a website's security certificate to be over- looked when users try to establish a secure connection.
This means that a hacker could potentially masquerade as a trusted website, like Gmail or Facebook – or an online banking portal – and get access to financial data or other sensitive information.
"It's really a problem where users share a wireless internet (wi-fi) signal" said Mr Harris.
"Hackers could potentially listen in to your email conversations, or direct you to fraudulent banking websites to obtain your login details."
Other experts said it was the worst security issue experienced by technology giant Apple.
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.
Apple has now issued a "patch" or software update for mobile devices – but owners of Apple desktop PCs, which have also been affected, were still without an update at the time of writing.
Only devices programmed to update automatically will be protected. In some situations, users will have to manually install the update themselves.
"It depends how your device is configured" said Mr Harris. "In general, it's good advice from a security perspective to allow automatic updates."
The scandal could hurt Apple, he warned. "The impact here is reputational," he said. "This will erode trust – and customer trust is one of the foundations that Apple is built on."
The country's banks, meanwhile, have not reported any uptake in phishing activity or other banking-oriented online fraud attempts. But since the flaw was only made public recently, fraudsters may only be trying to take advantage of it now.