Due to recent attacks on online banking systems and the consequent soaring losses through fraud, different methods have been developed to ensure a secure connection between a bank and its customers. One method is the inclusion of smart card readers in these schemes, which brings different benefits, e.g., convenience and cost, as well as risks, especially on the security side. We review a security concept and its implementation, deployed as an online banking solution, which consists of a USB smart card reader and a customized browser. We propose a threat model and an attack vector exploiting the limited capabilities of the class one smart card reader. Furthermore, a proof-of-concept malware is presented, which utilizes the primary vulnerability, i.e., the class one reader, and other supporting vulnerabilities, to show how transactions may be manipulated.