How to Attack Two-Factor Authentication Internet Banking
Date: April 2013
Publication: Proceedings of the 17th International Conference on Financial Cryptography and Data Security 2013 / Lecture Notes in Computer Science, Volume 7859
Page(s): 322 - 328
Source 1: http://fc13.ifca.ai/proc/9-3.pdf
Source 2: http://dx.doi.org/10.1007/978-3-642-39884-1_27 - Subscription or payment required
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black-hat hackers and conclude that automation is starting to take place. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we developed three browser rootkits which perform the automated attack on the client’s computer. Also, in some banks attempt to be regarded as user-friendly, security has been downgraded, making them vulnerable to exploitation.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.