Finding holes: Operation Emmental

Like Swiss Emmental cheese, online banking protections may be full of holes. Banks have been trying to prevent cyber crooks from accessing their customers’ online accounts for ages. They have, in fact, invented all sorts of methods to allow their customers to safely bank online. This research describes an ongoing attack we have dubbed “Emmental” that targets a number of countries worldwide. The attack is designed to bypass a certain two-factor authentication scheme used by banks. In particular, it bypasses session tokens, which are frequently sent to users’ mobile devices via Short Message Service (SMS). Users are expected to enter a session token to activate banking sessions so they can authenticate their identities. Since this token is sent through a separate channel, this method is generally considered secure.

However, this criminal gang has managed to create a complex system to defeat this protection.

SPEAKER: David Sancho

Advertisements
This entry was posted in ASFWS 2014, Talks. Bookmark the permalink.

One Response to Finding holes: Operation Emmental

  1. Pingback: 10-2014 :Cyberdéfense & Cybersecurité Conf & Training en .ch

Comments are closed.