Sign In 
Sign In
Sign In
Coffee Room
Discuss anything here - everything that you wish to discuss with fellow engineers.
12933 Members
Join this group to post and comment.
Man In The Browser Serves Hindrance To Secure Online Banking
While data security has advanced to better and secure standards over the years, hackers seem to keep up with as proficient hacking techniques. According to BBC's report, criminal hackers have yet again found a way to break-in into the ever-so-fragile net banking.
Security techniques like PINSentry from Barclays and SecureKey from HSBC provide for a higher level of protection by creating a unique key at each login, only valid for 30 seconds. Apparently, hackers have found a way to manipulate the bank's site using the Man-In-The-Browser(MiTB) technique. In this scenario, after an account holder logs into his bank account, they are tricked by luring them into training in a "new, upgraded security system." The MiTB, though related, is more advanced malware than the Man-In-The-Middle attack. MiTB infects a web browser, with the ability to modify web pages without the user noticing.
![[IMG]](proxy.php?image=http%3A%2F%2Fwww.crazyengineers.com%2Fwp-content%2Fuploads%2F2012%2F02%2FMan-In-The-Browser.jpg&hash=19b4cab6477e3b513a230d75a3adc7e8)
MiTB strikes only when a user visits a particular site and gets in between the user and the website. For online banking systems this would mean that the MiTB can modify the web page, change payment details and alter the on-screen balances to conceal their activities. This makes it difficult for an account holder to notice the malicious activity. The MiTB is reported to break-in two factor authentication mechanisms as well because of the advantageous position it holds in the browser.
Though there are security softwares which when turned to maximum can point out such attacks and have the ability to block them, they come with a downside because they block many legitimate programs too. Online banking fraud losses have totalled £16.9 million in the first six months of 2011, according to Financial Fraud Action UK.
Source: BBC Image Credit: Security Is Not Secured
Security techniques like PINSentry from Barclays and SecureKey from HSBC provide for a higher level of protection by creating a unique key at each login, only valid for 30 seconds. Apparently, hackers have found a way to manipulate the bank's site using the Man-In-The-Browser(MiTB) technique. In this scenario, after an account holder logs into his bank account, they are tricked by luring them into training in a "new, upgraded security system." The MiTB, though related, is more advanced malware than the Man-In-The-Middle attack. MiTB infects a web browser, with the ability to modify web pages without the user noticing.
MiTB strikes only when a user visits a particular site and gets in between the user and the website. For online banking systems this would mean that the MiTB can modify the web page, change payment details and alter the on-screen balances to conceal their activities. This makes it difficult for an account holder to notice the malicious activity. The MiTB is reported to break-in two factor authentication mechanisms as well because of the advantageous position it holds in the browser.
Though there are security softwares which when turned to maximum can point out such attacks and have the ability to block them, they come with a downside because they block many legitimate programs too. Online banking fraud losses have totalled £16.9 million in the first six months of 2011, according to Financial Fraud Action UK.
Source: BBC Image Credit: Security Is Not Secured