Vulnerabilities have been found in banking chatbots that can allow fraudsters to transfer funds without customers' knowledge. This was reported by Izvestia, citing AWILLIX.
AWILLIX Information Security Director Alexander Gerasimov reported that specialists had detected logic vulnerabilities of this kind. They make it possible to obtain a card's number and validity period, as well as to find out the customer's account balance and mobile phone number. According to him, this information will help in further attacks on users.
Gerasimov added that it is even possible to bypass the operation confirmation mechanism: the code arrived in the conversation with the chatbot. It is specified that the accounts in the messenger and on the bank's main website are not linked to each other. That is, if a fraudster gains access to a user's account in the chatbot, it does not mean that they will gain access to the main personal account.