Is Your Money At Risk? Researcher Breaks Into German Smartphone-Only N26 Bank
Banking by smartphone may be convenient, but users of a German fintech firm that mocked traditional banks could see their accounts hijacked.
A University of Erlangen-Nuernberg researcher said he was able to hack through the defenses of smartphone-only bank N26, indicating thousands of users are at risk.
Vincent Haupert, a research fellow and Ph.D. student in computer science, Wednesday told the Chaos Communications Congress in Hamburg he found a number of ways to attack N26 banking apps, enabling him to hijack individual accounts, Reuters reported.
Haupert said he was able to request email information from N26’s software feed without challenge, enabling him to send phishing email to N26 customers that potentially could allow him to break into accounts.
"Don't worry. We didn't do this," Haupert said. "My professor had legal concerns."
N26 thanked Haupert for the heads up and said it took action to shore up security.
"At no time during these scenarios was personal data of our customers available to third parties," the company said in a statement. "No N26 customer was impacted by the demonstrated vulnerabilities.”
N26, which has no physical branches, was launched as Number26 in early 2015 with the backing of global investors, including PayPal co-founder Peter Thiel.
N26 is active in 17 European countries, with support teams that speak English, German, French, Spanish and Italian. The company has said it provides checking accounts and money transfers for 200,000 customers. In Germany, customers also can take advantage of an investment feature and holders of a premium Black card have insurance options, TechCrunch reported.
Bank accounts make tempting targets for hackers. Weak passwords, lack of two-factor authentication public Wi-Fi connections, answering suspicious emails and failure to check account balances all could put funds at risk.
Hackers have been going after central banks as well as retail accounts. Russia’s central bank was the latest one hit. Hackers stole $31 million.
Earlier this year, $951 million was stolen from the Bangladesh Bank. A further $850 million in transfers were blocked.
© Copyright IBTimes 2024. All rights reserved.