Authors: Y. Espelid, L. Netland, A. Klingsheim and K. Hole
Title: A Proof of Concept Attack against Norwegian Internet Banking Systems
Affiliation: Communication Systems
Project(s): Simula UiB
Status: Published
Publication Type: Proceedings, refereed
Year of Publication: 2008
Conference Name: 12th International Conference on Financial Cryptography and Data Security (FC08)
Volume: Volume 5143 of the series Lecture Notes in Computer Science
Pagination: 197-201
Abstract

The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a practical man-in-the-middle attack against online banking applications using BankID. The attack gives an adversary access to customer bank accounts in two different online banking systems. Proof of concept code has been developed and executed to demonstrate the seriousness of the problem.

Citation Key: 24236