Re: Fedora Account Migration & Production Deployment Update: COMPLETE!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tomasz Torcz wrote:
> I meant push notification, when the message is sent through secure channel
> to your smart phone and you get popup asking for authorization.

The Swedish BankID cartel did that in their proprietary app, and thus
enabled an outbreak of fraud. Here's how it works:

1: The fraudster calls the victim, posing as the bank or some authority
figure, and tells some confidence-inspiring lies. Then the fraudster
says that they need to ascertain the victim's identity.

2: The fraudster initiates a login to the victim's bank account.

3: The bank sends an authentication request to the victim's BankID app.
A popup is displayed on the victim's smartphone.

4: The victim is expecting an authentication request from the person
they're talking to, and sees a request that seems to match, so they
grant the request.

5: The bank receives a correct authentication response. The fraudster
is now logged in to the victim's account.

The design flaw is that the authentication happens in a side channel,
separate from the login session. The bank doesn't know whether the
remote ends of the two channels are in the same place. Correct design
is to do the authentication in the login session itself. For a
workaround one can tie the two channels together somehow, and that's
how the Swedish banks patched the flaw. They now display a QR code on
the login page that the user must photograph with their smartphone,
thereby tying the authentication channel to the login session. I hear
the QR code is optional for websites, so anything that uses BankID
authentication and doesn't use the QR code is still vulnerable.

Now, if the side channel is only used as a second authentication, and
the first authentication, with the passphrase, is done in the login
session, then successful attacks will be less frequent, because then
the attacker first needs the victim's passphrase. Side-channel
authentication is a design flaw none the less. There's no point to
having a second factor if it's so weak that the security depends mostly
on the first factor.

Björn Persson

Attachment: pgpiqA81JWK_C.pgp
Description: OpenPGP digital signatur

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux