|
A security bug called OpenSSL Heartbeel is putting e-banking transactions at risks. -- Photo cafef.vn |
HA NOI (Biz Hub) – Vietnamese security platform HVA Online on April 8 called for e-banking and payment portal users to temporarily avoid making online transactions because of a bug called OpenSSL Heartbleed.
Many websites, including techcrunch.com, reddit.com and heartbleed.com, have previously warned of this threat. The bug creates a serious vulnerability in the popular OpenSSL cryptographic software library, allowing hackers to steal information protected by SSL/TLS encryption, which is used to secure Internet traffic.
HVA Online expert Nguyen Hong Phuc told the Thanh Nien (Young People) newspaper that many hackers had exploited the vulnerability to a great extent, which allows them to easily collect bank card information. Some 15 payment websites in Viet Nam have been attacked, and the volume of stolen data can't be estimated.
"As long as the vulnerable version of OpenSSL remains in use, it can be abused. The patched version has been created and has yet to be released to consumers," heartbleed.com stated, providing a link to the fixed version.
Phuc pointed out that several payment portals, such as smartlink, 123pay and paygate, were fixed immediately on April 8, but some websites, such as nganluong.vn and onepay.vn, were still at risk.
On April 9, most e-banking homepages were fixed, but whether the entire e-banking system is now secure remains unconfirmed.
"The only advice most international security experts offer at present is that users should halt all online transactions until the e-banking and payment portals officially notify users that their websites are safe," said Phuc.
He also recommended that users who have conducted transactions since April 7 should change their account passwords.
LienVietPostBank deputy general director Nghiem Sy Thang, who is in charge of information technology, claimed the bank's payment website is secure, adding "We will check the system very carefully and will promptly notify customers in case of threats."
Vietcombank deputy general director Dao Minh Tuan also called for caution among consumers and noted that the bank would immediately check all Internet-related infrastructure to prevent hacking attacks.
Nguyen Xuan Hoa, director of BIDV's information technology centre, said the bank has co-operated with public security authorities and security firm BKAV to control risks, and more rigorous inspections will be conducted more often. -- VNS