How to Attack Two-Factor Authentication Internet Banking
Author(s): Manal Adham, Amir Azodi, Yvo Desmedt, Ioannis Karaolis

Date: April 2013
Publication: Proceedings of the 17th International Conference on Financial Cryptography and Data Security 2013 / Lecture Notes in Computer Science, Volume 7859
Page(s): 322 - 328
Publisher: Springer
Source 1: http://fc13.ifca.ai/proc/9-3.pdf
Source 2: http://dx.doi.org/10.1007/978-3-642-39884-1_27 - Subscription or payment required

Abstract:
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black-hat hackers and conclude that automation is starting to take place. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we developed three browser rootkits which perform the automated attack on the client’s computer. Also, in some banks attempt to be regarded as user-friendly, security has been downgraded, making them vulnerable to exploitation.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com