The customers of Royal Bank of Scotland are at risk of cyber-attack as the bank has started offering a security software to them which is flawed. Early this year the bank began to offer a new service called Thor Foresight Enterprise for its business customers free of charge which is sold by Heimdal Security as an advanced security protection against cyber threats but researchers have discovered a flaw in it that exposes users to attacks. But now the bug has been fixed by Heimdal Security and the firm that since 50000 people downloaded that software they could be vulnerable to attacks.
RBS has assured customers that the software was only given to Natwest customers and customers of RBS and Ulster banks were not offered so they are not exposed to any problem. RBS has till date not confirmed about the actual number of customers that were affected by the problem as it was discovered by Pen Test partners who stated that its security flaw was very serious. Ken Munro security researcher stated that the flaw allowed them to gain access to a vulnerable customer’s computer. They state that this vulnerability could give attackers access to an individual’s emails, browsing history and even bank details.
To expose the flaw they just had to intercept a customer’s internet traffic which was pretty simple as all they had to do was break into unsecured public Wi-Fi and it is often very easy to compromise Wi-Fi setups within homes. The software of Heimdal Thor runs at a very high level of privilege on user’s machines so it should have very high standards of security but unfortunately it has fallen short. This security software acts as a filter to detect and stop most common attacks that steal or lock data with ransom- ware. Heimdal’s CEO Morten Kjaersgaard stated that they have made a fix that automatically updated 97% of all vulnerable endpoints within four days of identification of problem and rest after that.