Half of UK financial institutions vulnerable to well-known crypto flaws
We can’t name names, says consultancy, suffice to say they’re at risk
Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research.
An assessment of 84 UK- and foreign-owned banking institutions, carried out in November by the international information security firm and published on Monday, found that more than half were running SSL certificates that may expose their customers’ data to unwarranted risk.
Problems identified included certificate instances that may be vulnerable to well-documented attacks, such as CRIME and POODLE, as well as other crypto flaws.
Xiphos is not naming the affected organisations but its findings are nonetheless credible because individual instances of banks failing to update sites in the weeks after serious crypto flaws (such as POODLE) are well known.
The security consultancy may not have been able to contact many of the impacted organisations, a factor that led it to avoid naming names.
In cases where it couldn’t contact organisations directly, it passed on its findings via the Financial Conduct Authority and NCA (National Crime Agency). ®