Sciweavers

SEC
2008

Robbing Banks with Their Own Software-an Exploit Against Norwegian Online Banks

14 years 1 months ago
Robbing Banks with Their Own Software-an Exploit Against Norwegian Online Banks
Abstract The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a man-in-the-middle vulnerability in online banking applications using BankID. An exploit has been implemented and successfully run against two randomly chosen online banking systems to demonstrate the seriousness of the attack. Key words: Public-key infrastructure, man-in-the-middle attack, online banking
Yngve Espelid, Lars-Helge Netland, André N.
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where SEC
Authors Yngve Espelid, Lars-Helge Netland, André N. Klingsheim, Kjell Jørgen Hole
Comments (0)