Guwahati: A first-semester student of the Computer Science Engineering course at the Assam Don Bosco University (ADBU) School of Technology has discovered a flaw in the design of the passbooks of several Indian banks that can be leveraged to obtain a client’s account balance and transaction history.
Indrajeet Bhuyan, an independent security researcher, had previously identified two WhatsApp vulnerabilities that took the cyber world by storm: he wrote a 2kb piece of code that could crash WhatsApp, and he reported security loopholes in the WhatsApp web client that in some way expose a user’s privacy.
The ‘ethical hacker’ has been selected to speak at the prestigious Ground Zero Summit scheduled to be held in New Delhi, November 5-8.
Bhuyan’s paper was also selected for the prestigious ToorCon Conference to be held in San Diego, California, October 21-25, which he will not attend due to the late arrival of the invitation. For the past 17 years, ToorCon has brought together industry leaders and professionals from around the world to learn the latest computer security and technology applications and techniques to better serve the world.
Bhuyan, who is among speakers at the New Delhi summit, will speak on “Authentication Flaw in Automatic Bank Passbook Printing Machine.”
He says, “Earlier, people had to go and consult a bank employee in order to update their bank passbook. But recently the State Bank of India has installed an automatic passbook printer called ‘Swayam’, using which any customer can update his/her passbook just by inserting the passbook into the machine.”
Many other major banks in India quickly followed suit.
Unlike ATMs, where one needs to insert a credit/debit card and enter the password given by the bank in order to withdraw money, the automatic passbook printing machine does not require the customer to insert any card or enter any password. All they need to do is insert the passbook, and their entire transaction history is printed in it.
In his presentation, Bhuyan will show how to fool the automatic passbook printing machines and instantly get just about anyone’s complete bank account balance and full transaction details. This vulnerability presently affects all major Indian banks, and everyone’s personal banking details are at risk of being exposed by this simple hack.
Apart from the conference, the authorities are also likely to arrange a meeting between Mr. Bhuyan and government agencies that can compel banks to fix this issue.
Ground Zero Summit is the largest collaborative platform in Asia for Cyber Security Experts and Researchers to address emerging cyber security challenges and demonstrate cutting-edge technologies.
The organizers will provide Bhuyan with air travel and five-star accommodation at The Ashok, New Delhi, a cash award of 25,000 rupees and a free trip to the Taj Mahal. He also stands a chance to win the 100,000 rupees given to the four best speakers.