Authors: Y. Espelid, L. Netland, A. Klingsheim and K. Hole
Title: Robbing Banks with Their Own software—an Exploit against Norwegian Online Banks
Affiliation: Communication Systems
Project(s): Simula@UiB
Status: Published
Publication Type: Proceedings, refereed
Year of Publication: 2008
Conference Name: 23rd International Information Security Conference (SEC 2008)
Volume: Volume 278 of the series IFIP – The International Federation for Information Processing
Pagination: 63-77
Publisher: Springer
Abstract

The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a man-in-the-middle vulnerability in online banking applications using BankID. An exploit has been implemented and successfully run against two randomly chosen online banking systems to demonstrate the seriousness of the attack.

Citation Key: 24235