A Proof of Concept Attack against Norwegian Internet Banking Systems
نویسندگان
چکیده
The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a practical man-inthe-middle attack against online banking applications using BankID. The attack gives an adversary access to customer bank accounts in two different online banking systems. Proof of concept code has been developed and executed to demonstrate the seriousness of the problem.
منابع مشابه
Robbing Banks with Their Own Software-an Exploit Against Norwegian Online Banks
The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a man-in-the-middle vulnerability in online banking applications using BankID. An ...
متن کاملA Proof of concept Implementation of SSL/TLS Session-Aware User Authentication
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, ...
متن کاملOnline Banking Security
I nternet banking is increasingly popular both in Norway and elsewhere. Banks have actively encouraged this cost-saving trend by persuading customers to sign up. Customers, attracted by online banking’s convenience, seem largely unconcerned about identity theft and phishing email scams. In fact, most customers seem to believe that Internet banking is quite safe simply because their banks told t...
متن کاملPrevention Schemes Against Phishing Attacks on Internet Banking Systems
With the rise of Internet banking, phishing has become a major problem in online banking systems. Over time, highly evolved phishing attacks, such as active phishing, have emerged as a serious issue. Thus, we suggest two server authentication schemes based on SSL/TLS to protect Internet banking customers from phishing attacks. The first scheme uses the X.509 client certificate, which includes a...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کامل