A security system that could keep homepoint financial services safe could help prevent a bank robbery, a study by a security researcher says.
“The main problem is that the homepoint network is so tightly controlled,” said Stephen Hilderbrand, a security expert at Canadian firm Homepoint Financial Services, in an interview.
Hilderweber is one of many researchers who say they have been able to demonstrate that homepoint’s network can prevent a robbery by taking out the card and the PIN that would allow someone to access the card.
Homepoint has a system called the PINs and Card Reader, which allows a card reader to be used on the bank’s network to sign transactions.
In his research, Hildersbert was able to see that, if an attacker could break into the PIN system, he could sign cards that he would have to provide to the bank, then steal money, Hildebrand said.
Hildersbach also showed that homepoints network could be cracked by using malware, and he says the security system can be broken using a simple tool called “The PSA” that uses a computer to generate a random PIN.
A bank card would then be issued and used to open a bank account, which would allow the attacker to sign the card, Hildaverbrand said in the interview.
Hildebrand, who is based in Vancouver, British Columbia, said he believes that home point is one example of a secure homepoint system that would be more easily compromised if it was more tightly controlled.
Homepoint is one provider of security in Canada.
When Hildesber found out that Homepoint was not providing the necessary information to verify that its card readers could be hacked, he asked the bank to provide him with information about the PIN and the Card Reader so he could create a software that could help identify whether the system was secure, Hiltbrad said.
He also asked the Bank of Canada to provide the data that he needed.
The bank said it was providing that information to Hildber, but the security researcher said he didn’t get a response from the bank until two weeks later.
His research was published Monday in the journal Security.
One of the biggest challenges that home points face is that there are two kinds of card readers on the network, Hilsber said.
“They are either card readers for the cards, or they are card readers that use the hardware to create a signature, which is what a bank card is.”
Hildsber said he has been able demonstrate that a home point card reader can be hacked by using malicious code that would have been generated by the bank using a hardware hacking tool called the “The Hilderman” and that can be used to create the signature.
An example of this code was shown in a security presentation he made to a conference in November that included researchers from Homepoint and other security companies.
Hildaverbert said the card reader used in the presentation was one that has been widely used by Homepoint.
However, he said that he did not know how widespread the problem is because he has not seen a paper about it.
Hilsber has been studying homepoint since 2006 and said he does not know of a single instance of a bank using the card system to sign a transaction.
Hilstbrad, who has been researching homepoints for the past several years, said the data on homepoints security system is not available because of the large number of people working on it.
Security researchers are working on ways to get the information that is available.
There is a proposal by the Bank for a Security Audit (BSAA), which was introduced in December to investigate the security of homepoint cards, and Hildsbert said he thinks that the BSAA could come up with a list of vulnerabilities in the system that HomePoint could use to improve security.
But Hildestad said that the problem will only get worse if Homepoint’s card network becomes even more tightly regulated, something that Hildertber has said he hopes will happen.
And Homepoint, he added, needs to come up the right way with the data it has.