Stealing Money at the Speed of Light: Exploiting Race Conditions for Financial Fraud in…
Summary
A race condition occurs when two or more processes carry out the same action at the same time and the system fails to handle them correctly, potentially allowing one process to beat another and creating an opportunity for exploitation.
In online shopping, a race condition could allow a hacker to pay once and place the same order multiple times at no additional cost.
This could occur through a range of methods, such as payment, discounts, gift cards, loyalty point schemes or manipulating stock levels.
The issue arises because the store's checkout system processes orders and payments asynchronously, meaning an order is placed before the payment is confirmed.
The solution is for online stores to ensure orders and payments are synchronised and that stock levels are updated before an order is confirmed.
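One way to implement the fix described above, as an added example that is not code from the original article: the payment claim, the stock decrement and the order insert happen in a single database transaction, so simultaneous requests reusing one payment yield one order. The table names, `place_order`, `run_concurrent_checkout` and the sample values are assumptions constructed for illustration, using SQLite.

```python
import os
import sqlite3
import tempfile
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed sample store: one confirmed payment, five units in stock.
SCHEMA = """
CREATE TABLE payments (id TEXT PRIMARY KEY, consumed INTEGER NOT NULL DEFAULT 0);
CREATE TABLE stock (sku TEXT PRIMARY KEY, qty INTEGER NOT NULL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, payment_id TEXT UNIQUE, sku TEXT);
INSERT INTO payments (id) VALUES ('pay-1');
INSERT INTO stock VALUES ('sku-1', 5);
"""

def place_order(path, payment_id, sku):
    """Confirm an order only if the payment claim and stock decrement both succeed."""
    conn = sqlite3.connect(path, timeout=30, isolation_level=None)
    try:
        conn.execute("BEGIN IMMEDIATE")  # serialise writers before any check
        claimed = conn.execute(  # single-use claim: only one caller flips 0 -> 1
            "UPDATE payments SET consumed = 1 WHERE id = ? AND consumed = 0",
            (payment_id,)).rowcount
        reserved = claimed and conn.execute(  # stock is updated before confirming
            "UPDATE stock SET qty = qty - 1 WHERE sku = ? AND qty > 0",
            (sku,)).rowcount
        if not (claimed == 1 and reserved == 1):
            conn.execute("ROLLBACK")  # also releases the claim if stock ran out
            return False
        conn.execute("INSERT INTO orders (payment_id, sku) VALUES (?, ?)", (payment_id, sku))
        conn.execute("COMMIT")
        return True
    finally:
        conn.close()

def run_concurrent_checkout(attempts=20):
    """Race `attempts` orders on one payment; return (accepted, orders, stock_left)."""
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    barrier = threading.Barrier(attempts)  # release every request at the same instant
    def worker(_):
        barrier.wait()
        return place_order(path, "pay-1", "sku-1")
    with ThreadPoolExecutor(max_workers=attempts) as pool:
        accepted = sum(pool.map(worker, range(attempts)))
    orders = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    left = conn.execute("SELECT qty FROM stock").fetchone()[0]
    return accepted, orders, left
```

The `UNIQUE` constraint on `orders.payment_id` is a second line of defence: even if a code path skipped the claim, the database would reject a second order for the same payment.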