Friday, January 20, 2017

BHIM app, highly vulnerable

Prime Minister Narendra Modi is pushing India towards a cashless economy, encouraging the use of online and card transactions. An online transaction requires an internet connection, but only 10 percent of people in India use the internet.

To overcome this problem, Narendra Modi recently launched BHIM (Bharat Interface for Money), which does not require any kind of internet connection. The app is linked to your Aadhaar number.

The government's first money transfer app of its own has some serious security flaws, which could put the brakes on the cashless economy. Security researchers have found that a hacker can easily gain access to users' data by writing some basic code.

“The BHIM app is written in a very amateur way and the entire code is unprotected, which means it can be easily downloaded and modified by anyone,” said Mumbai-based security expert Prashant Mali.

According to the researcher, to hack the BHIM app one just needs to download the app's .apk file and modify the code so that it stores users' bank details as they type them in, after which the attacker can have full control over their accounts. Because the code can be easily accessed and modified, a fake app can also easily be launched.

“The app also has SQL (Structured Query Language) injection vulnerability, using which hackers can extract bank account details easily,” Mali said. He also discovered that the app is highly vulnerable to a ‘denial of service’ attack.

However, some experts believe that the app was written and launched in a great hurry, so the coders might not have had time to test for and fix the vulnerabilities in the app.

Because of the Centre's push to adopt digital payment methods, many companies are launching apps without sufficient security testing, which puts users at great risk.
