Are You Prey For Hackers? Faking SiteKeys Happens.

09.21.07 | Online Banking | 0 Comments | by junger


Is your bank as secure as you think it is? Does that SiteKey really do anything for you?


According to Chris Soghoian, a graduate student in the school of Informatics at Indiana University, your bank is not nearly as secure as they're telling you.

The problem is that all of these schemes–every single one of them–is vulnerable to a form of deception known as a man-in-the-middle (MITM) attack. Russian phishers launched a sophisticated MITM attack against the hardware-token-based, two-factor authentication scheme used by Citibank. Another group of hackers was able to rip off customers of the Dutch bank ABN Amro, which also issued hardware tokens.

On multiple occasions in 2005 and 2006, security researchers raised the alarm regarding the false promises of two-factor authentication, and in particular, Bank of America's SiteKey system. Finally in April 2007, Professor Markus Jakobsson and I announced a working demo of a successful man-in-the-middle attack against SiteKey.

Soghoian provides a video of the SiteKey hacking in progress on his site.

It is discouraging to see him emulate Bank of America's SiteKey system, especially since BofA uses SiteKey to assure customers that they are on the official site.

But as a safe online banker, you need to make sure that you are on the right site … so CHECK THE URL! If it isn't the right URL, don't provide your information no matter what.
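What "check the URL" has to mean in practice, as an added example that is not from the original post or from Soghoian's research: the scheme must be https and the hostname must match the expected one exactly, because a glance or a substring match accepts lookalikes. The host `login.bank.example` and every sample URL are constructed placeholders.

```javascript
// Added example. login.bank.example is a placeholder, not a real bank host.
const EXPECTED_HOSTS = new Set(["login.bank.example"]);

// Decide whether a URL really points at the expected login host.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parsing, the rules browsers apply
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // In "https://name@other/", the text before "@" is userinfo, not the host.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Non-ASCII lookalike letters are converted to "xn--" labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label", host };
  }
  // Exact match only: a prefix or substring test would accept
  // "login.bank.example.account-check.example".
  if (!EXPECTED_HOSTS.has(host)) {
    return { ok: false, reason: "host mismatch", host };
  }
  return { ok: true, host };
}

// Constructed sample URLs covering the common lookalike shapes.
const SAMPLES = [
  "https://login.bank.example/signin",
  "http://login.bank.example/signin",
  "https://login.bank.example.account-check.example/signin",
  "https://login.bank.example@other.example/signin",
  "https://login.b\u0430nk.example/signin", // Cyrillic "a" (U+0430)
];
for (const sample of SAMPLES) {
  console.log(sample, JSON.stringify(checkLoginUrl(sample)));
}
```

Only the first sample passes; each of the others contains the expected name somewhere in the string while pointing at a different host or an unencrypted connection.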
