Online Banking Sites Compromised by Design Flaws
More than 75 percent of bank websites in a recent survey have at least one design flaw that could make customers vulnerable to cyber thieves, according to a new University of Michigan study of online banking.
Led by Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science at the University of Michigan, doctoral students Laura Falk and Kevin Borders examined the websites of 214 financial institutions in 2006. They will present their findings, "Analyzing Web sites for user-visible security design flaws," at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University on July 25.
The design flaws they found aren't bugs that can be fixed with a patch. They stem from the flow and the layout of these sites, according to the study.
Flaws include placing log-in boxes and contact information on insecure web pages, as well as failing to keep users on the site they first came to visit. Prakash notes that some banks may already have resolved these problems since the survey's data was collected, but overall he still sees much need for improvement. These flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The design flaws that the team looked for included:
Prakash said he began the study after he saw flaws on his own financial institutions' websites. To read more about the vulnerabilities the study examined: http://www.eecs.umich.edu/~aprakash/bank-faq.html.
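The user-visible flaws named above (log-in boxes and contact information on insecure pages, and users being sent off the bank's own site) can be checked from a page's HTML alone. The Python script below is an added example, not code from the study; the sample page, the host names and the two-label "same site" heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a bank home page delivered over plain HTTP.
PAGE_URL = "http://www.examplebank.test/"
PAGE_HTML = """
<html><body>
<form action="https://login.examplebank.test/auth" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<a href="mailto:help@examplebank.test">Contact us</a>
<a href="https://secure.thirdparty-billpay.test/enroll">Pay bills</a>
<a href="/rates.html">Rates</a>
</body></html>
"""

class FlawScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page = urlparse(page_url)
        self.findings = set()

    def _offsite(self, url):
        # Assumption: "same site" means sharing the last two host labels.
        host = urlparse(url).hostname or ""
        base = ".".join((self.page.hostname or "").split(".")[-2:])
        return host != base and not host.endswith("." + base)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        insecure_page = self.page.scheme != "https"
        # Flagged even when the form posts to HTTPS: the page carrying
        # the log-in box was itself delivered without TLS.
        if tag == "input" and (a.get("type") or "").lower() == "password":
            if insecure_page:
                self.findings.add("login box on insecure page")
        if tag == "a" and a.get("href"):
            href = a["href"]
            if href.lower().startswith(("mailto:", "tel:")):
                if insecure_page:
                    self.findings.add("contact information on insecure page")
            elif self._offsite(urljoin(self.page_url, href)):
                self.findings.add("link leaves the bank's site")

def scan(page_url, html):
    scanner = FlawScanner(page_url)
    scanner.feed(html)
    return sorted(scanner.findings)

if __name__ == "__main__":
    print("\n".join(scan(PAGE_URL, PAGE_HTML)))
```

Serving the same markup over HTTPS clears the first two findings; the off-site link remains because it concerns where the user is sent rather than how the page was delivered.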