Man In The Browser Serves Hindrance To Secure Online Banking

While data security has advanced to better and secure standards over the years, hackers seem to keep up with as proficient hacking techniques. According to BBC's report, criminal hackers have yet again found a way to break-in into the ever-so-fragile net banking.

Security techniques like PINSentry from Barclays and SecureKey from HSBC provide for a higher level of protection by creating a unique key at each login, only valid for 30 seconds. Apparently, hackers have found a way to manipulate the bank's site using the Man-In-The-Browser(MiTB) technique. In this scenario, after an account holder logs into his bank account, they are tricked by luring them into training in a "new, upgraded security system." The MiTB, though related, is more advanced malware than the Man-In-The-Middle attack. MiTB infects a web browser, with the ability to modify web pages without the user noticing.

#-Link-Snipped-#

MiTB strikes only when a user visits a particular site and gets in between the user and the website. For online banking systems this would mean that the MiTB can modify the web page, change payment details and alter the on-screen balances to conceal their activities. This makes it difficult for an account holder to notice the malicious activity. The MiTB is reported to break-in Two Factor Authentication mechanisms as well because of the advantageous position it holds in the browser.

Though there are security softwares which when turned to maximum can point out such attacks and have the ability to block them, they come with a downside because they block many legitimate programs too. Online banking fraud losses have totalled £16.9 million in the first six months of 2011, according to Financial Fraud Action UK.

Source: Hackers outwit online banking identity security systems - BBC News Image Credit: #-Link-Snipped-#

Replies

You are reading an archived discussion.

Related Posts

IRCTC aka The Indian Railway Catering & Tourism Corporation Limited has taken a step ahead to make the Indian Rail's 'Go Green' dream come true. The corporation is rapidly taking...
According to a research done at MIT by Andreas Mershin, it would soon be possible to produce electricity in the coming days just by mixing some grass clippings into a...
'Solve For X' project is a Google's X Lab's new facility that was kept under the veil till now. We all know that Google is working on driverless cars for...
He's dead, Jim. Torrent sharing sites have been struggling with the law  for a while now and this time it seems things are rather serious. With the Megaupload arrests and...
The most awaited operating system, Windows 8 will feature highly advanced features but without the iconic start button. Microsoft has decided that build 8220 will be the final version of...