Institutions that process numeric data need to be more diligent to avoid financial loss, warn security experts.
The obvious potential rewards make the systems of banks, traders, e-commerce and electronic gaming sites rich pickings for criminal hackers.
Corsaire, an independent expert in securing information systems, IT consultancy and risk assessment, said that computer hackers will go to extraordinary lengths to access financial applications.
A statement issued by Corsaire said: “However, despite calls for added diligence in this area, many of the numeric calculations being conducted within modern financial applications are often still handled inappropriately, as some computer programmers are simply unaware of the intrinsic programmatic risks associated with numerical processing, whilst others are focused on more easily identifiable issues associated with IT applications in general.”
The statement went on to warn that although banking, for instance, is highly likely to be targeted, any application where critical numeric calculations are made is likely to be vulnerable, too. The way floating-point values are dealt with is deemed to be a particular challenge.
Corsaire's research paper, entitled Breaking the Bank, focuses on the technical issues associated with common programming languages and APIs, and covers how to mitigate risks by showing how hackers can manipulate the outcomes of transactions. It is available free of charge at http://research.corsaire.com/