05 Feb 2013

Experts of the Group-IB company tested security of the interactive front-office system of client service by the CS Company – iFOBS.

At the moment the iFOBS system is extensively used in the CIS finance and banking establishments. Nowadays the systems of the CS Company are functioning in 70 Ukrainian banks and 9 companies focusing on insurance business.

In the course of the security analysis measures various attack vectors have been used to detect vulnerabilities which can lead to an unauthorized access to information or a denial of the system crucial services.

«Our internet banking system iFOBS has shown a high level of protection against an unauthorized access to information as well as against attacks of other types, – noted Igor Babchenko, director of the CS Company (Ukraine). – While taking care of enhancement and usability we never forget about our main goal: to provide secure distant operations with finance».

The following issues were pointed out as key vulnerabilities being the subject of the security audit of the framework on test:

    WEB-application vulnerability (WASC classification);
    vulnerability of applied communication protocols;
    characteristic features of storing password and other confidential client information;
    configuration errors of software and general-system environment.

«The iFOBS system has shown a high level of tolerance against various attacks which can be used by illegal intruders to compromise the framework of the bank’s system of remote banking service», – commented Andrey Komarov, head of the Group-IB’s international projects, audit and consulting department.  

A successful passing of the security tests proves the high level of safety of the interactive front-office system of client service iFOBS.

About Group-IB

Group-IB is Russia and the CIS’s (Commonwealth of Independent States) leading computer security company, specializing in the investigation of computer crime, information security breaches, and computer forensics. It was founded in 2003. The company includes computer forensics and data recovery lab. he laboratory conducts research and examination of physical evidence stored on various media and is involved in many civil, arbitration and criminal cases under investigation in the territory of the Russian Federation. CERT-GIB, Computer Security Incident Response Team with a twenty-four-hour service operates on the Group-IB base. It is a part of LETA Group.