How to Attack Two-Factor Authentication Internet Banking
Abstract
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To be better prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black-hat hackers and conclude that automation is starting to take place. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we developed three browser rootkits which perform the automated attack on the client’s computer. Also, in some banks' attempts to be regarded as user-friendly, security has been downgraded, making them vulnerable to exploitation.
Similar resources
Three-Factor User Authentication Method Using Biometrics Challenge Response
We propose a three-factor authentication method by pointing out the weakness in the two-factor authentication method that uses telephony currently used in Internet banking by adding voice verification, creating a three-authentication method (password, possession of phone, and voice printing). The use of the two-factor authentication (two-path authentication) method using telephony has recently ...
The Impact of Two-Factor Authentication Technology on the Adoption of Internet Banking
The security risks of Internet banking have always been a concern to the service providers and users. There has been a global trend to adopt a multi-factor authentication scheme to increase the security of Internet banking. However, the introduction of two-factor authentication has not been well received. Particularly, there has been a conception that it creates barriers to Internet banking use...
A Proof of Concept Attack against Norwegian Internet Banking Systems
The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a practical man-in-the-middle attack against online banking applications using Bank...
On the (In)Security of Mobile Two-Factor Authentication
Two-factor authentication (2FA) schemes aim at strengthening the security of login password-based authentication by deploying secondary authentication tokens. In this context, mobile 2FA schemes require no additional hardware (e.g., a smartcard) to store and handle the secondary authentication token, and hence are considered as a reasonable trade-off between security, usability and costs. They ...
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication, and p...
Publication date: 2013