Five ING clients gained temporary access to another client’s bank account – Update – IT Pro – News

It shouldn’t be possible either.

Background, in brief:
You have a “My ING Account”. Simply put, this account (not you as a person, but the account) has access to your bank account and to information about your bank account (those are two different things, but that is not relevant to this story).

A “My ING Account” consists of a username and password. In addition, it also contains “MFA codes” in the form of unique keys. One is in my ING app; the other one is in the My ING app. One of the keys is in the application data itself (think of it as a kind of username within the application). The other is stored on the iPhone in a “private chip” on the phone.

This means that only the application installed with this code can be used, and only under certain conditions (for example, if a PIN or something like that is entered).

Now comes the crucial part. The following assumption applies:
This chip is “fully secured”. The chip can only be read through facial recognition or by entering the phone’s PIN, at the instruction of a registered application that is allowed one specific code. (Whether or not this trust is justified is not important at this time. This is the assumption. This is Apple’s system.) (This is a simplified view, but there is more to it than this.)

(Therefore) ING trusts the security mechanism of the iPhone.
This means that if the iPhone tells the trusted environment that this code has logged in, that is enough trust for ING to grant access to the My ING account environment. This means the following: scanning your face is not what logs in to the ING app or to ING. A facial scan provides access to that one chip, retrieves that key and passes it to the application. The application then determines what happens with it.

Please note: the mechanism for entering the code into that chip was previously completed using a username and password combination, maybe even with a piece of physical mail. (I remember getting a letter at the time. I don’t know how things are now.) This means that you are actually logging in using MFA without any additional action.

Think of it as entering a company with an access pass that cannot be copied/forged. Then by definition you are allowed to walk there. Before you received this pass, you had to identify yourself and perhaps do other things to prove your identity. You don’t have to show your ID every day and check whether it is still valid. You have this pass and “so” it’s fine. (The comparison isn’t exact, of course, but you get the idea.)

In short: Because the data is received over the phone in a way that ING trusts, ING assumes that everything is fine.

What appears to have gone wrong here is actually very simple. It is one of two options: Person A’s My ING account had access to Person B’s bank account and/or bank account details.
Or: Person A’s iPhone codes had access to Person B’s My ING account.

Personally, I consider the second option more likely. So the fault actually lies in the bank’s My ING software and not in the central bank systems that the My ING apps have access to.

How this error could creep in is not very clear. This could really be anything. As you yourself point out, this should be impossible.
