Showing posts from October, 2010

Mobile Viruses in Man-in-the-Mobile Vs Multi-Factor authentications

Smartphones are drawing attackers' attention, especially for monetary gain. Viruses are targeting mobile platforms to compromise multi-factor authentication. Zeus is one of them.
Based on http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=227700141&cid=RSSfeed we imagine a rough scenario of how a mobile virus can compromise the multi-factor authentication that the banking industry uses nowadays and assumes to be foolproof.
USER logs in to FAKE BANKING SITE, lured by a PHISHING Attack
FAKE BANKING SITE asks USER to enter ONE-TIME Device Token to log in to ACTUAL Banking Site
LOGIN SUCCESSFUL
FAKE BANKING SITE Adds new Payee
ACTUAL Banking Site asks for ONE-TIME Device Token
FAKE BANKING SITE asks USER to enter ONE-TIME token to log in to ACTUAL Banking Site by showing UNSUCCESSFUL Login
FAKE BANKING SITE submits ONE-TIME Device Token to ACTUAL Banking Site
ACTUAL Banking Site sends ONE-TIME Authentication Token to USER's Mobile
FAKE BANKING SITE Asks ZEUS …