Security Flaw Put RBS Customers At Risk Of Cyber-attack

People looking at computer screenImage copyright Eyewire
Image caption The software was created to spot and stop malicious cyber-attacks

Royal Bank of Scotland (RBS) customers have been put at risk of cyber-attack after being recommended flawed security software.

Since January, the banking group has begun to offer its business banking customers a product called Thor Foresight Enterprise free of charge.

Heimdal Security sells it as "next generation protection" against cyber-threats.

Security researchers uncovered a flaw in it that made customers less secure.

The bug has now been fixed with Heimdal Security estimating that about 50,000 people were using the vulnerable software.

RBS said it had only affected Natwest customers as it was not yet being offered to its RBS and Ulster banks.

The company would not disclose how many of its customers would have been at risk.

Pen Test Partners discovered the security flaw which they say is extremely serious.

Security Researcher Ken Munro told the BBC: "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details."

"To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public wi-fi out there, and it's often all too easy to compromise home wi-fi set ups.

"Heimdal Thor is security software that runs at a high level of privilege on a user's machine. It's essential that it is held to the highest possible standards. We feel they have fallen far short."

The security software acts as a filter and aims to spot and stop common cyber-attacks that try to steal data or lock it away in ransomware.

Heimdal was quick to respond to the discovery and has now fixed the flaw and thanked the security researchers for disclosing the bug.

In a statement, Heimdal's chief executive Morten Kjaersgaard said: "We naturally treat information like this very seriously. We issued a fix and automatically updated 97% of all affected endpoints within four days of being informed, and the rest shortly after."

The company said that the vulnerability was only "in the wild" for about three weeks and affected around 50,000 computers - 8% of the number of machines running the Thor software.

An RBS spokesperson said: "We were made aware of a potential software issue that could apply to a small number of our early-adopting customers."

The banking group praised Heimdal's speed in fixing the issue and went on to claim that "no customers suffered any adverse consequences".

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy.