On 5/11/07, Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> wrote:
Sure, they're a lot more expensive and a lot more "high-tech" but unless they are doing end-to-end client and server authentication and strong crypto _AND_ have their own input and output devices that cannot be interfaced from the host OS _AND_ are required for verifying (virtually) every step of every transaction (in other words -- if you have any of the real-world implementations of banking OTP cards used anywhere in the world, the answer is "no"), they are effectively no better than the Citi OSK's as they are trivially MiTM'ed via on-client malware.
This actually isn't that hard to do properly and I already see some banks doing it. The key here is to tell the user what's going on an off the band method. In other words, once a user decided to make a transaction, the bank sends a challenge *and* transaction details *somehow* to him. The user has to confirm the transaction by entering the proper challenge. The "somehow" method can vary, but it looks that sending SMS messages is hte most acceptable method today. So, the user gets an SMS message with the challenge code and the transaction details and enters that into his web browser. The attacker behind his MiTM can't do anything - if he changes the transaction before, the user will (hopefully) see it. If he changes the challenge, the transaction will fail. Cheers, Bojan
