C'mon, name and shame...which bank???
Online bank punters tricked into approving theft of their OWN CASH
Security researchers have discovered a malware-based attack against the chipTAN system used by bank customers in Germany to authorise transactions online. The chipTAN system involves the use of a card reader into which a chip-n-PIN bank card is inserted, which generates a transaction authentication number (TAN) used to green- …
-
-
-
Thursday 6th September 2012 14:59 GMT Scott Wheeler
Re: Stupidity is a luxury
SMS is a reasonably secure transport, but it relies on the handset being trustworthy. In the past two important phones (Nokia 6210i and Ericsson T610, I think) had Bluetooth bugs such that it was possible to pair with them without authentication, then read and delete an SMS without the user's knowledge. These days there may be other vulnerabilities introduced by Smartphones with malware installed, which could allow receiving and manipulating SMS from a distance.
I don't want to give the impression that SMS authentication is a bad method: it isn't, particularly if it is part of two-factor authentication. However as with most methods, it cannot be seen as a silver bullet.
-
-