Hacking Citibank's Virtual Keyboard
May 12, 2007A researcher points out that malware can just as easily capture mouse-clicked PINs as those entered at the keyboard.
In some countries outside of the US, Citibank has a login option to enter your PIN by clicking on the display of a keyboard rather than with the physical keyboard.
Perhaps the idea is to defeat keyloggers, but a researcher has demonstrated that it's easy for malware to capture the PIN anyway.
The technique, posted on the popular Bugtraq mailing list, generated some scorn from readers (not an unusual result on Bugtraq). The two main complaints, both true, are that a) the attack presumes that malware has already been installed on the system; and b) this is an old technique - consider this almost identical thread on Bugtraq from 2005.
The technique, which has been used in some malware for years, is to take a screen shot when the mouse is clicked, noting the coordinates of the click. It's true that to execute this attack, the attacker needs to have the program installed on the system already, a formidable barrier to entry, but not when you consider the point of the virtual keyboard: an attacker would only put a user through this if he/she suspected they may already have a keylogger on their system. The feature is designed for already-infected systems.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
-
Bogus training offer opens hacker doors to bank accounts
Feb 05, 2012 |
5 / 5 (5) |
3
-
Turning iPhone into spiPhone: Smartphones' accelerometer can track strokes on nearby keyboards
Oct 18, 2011 |
4 / 5 (7) |
3
-
Spammers target Facebook
Apr 04, 2011 |
not rated yet |
0
-
Researchers devise new method of detecting botnets
Mar 25, 2011 |
4 / 5 (6) |
1
-
Thwarting attacks on cell phone mesh networks
Jan 20, 2011 |
not rated yet |
0
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (31) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (3) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (1) |
0
-
Need help reading 3-D
3 hours ago
-
A way to send and receive wireless data
9 hours ago
-
Tabletop Cold Fusion Reactor
10 hours ago
-
Calling function with no input argument
Feb 10, 2012
-
Force free body diagram problem on gym equipment
Feb 10, 2012
-
Empirical data regarding shower heads and water
Feb 10, 2012
- More from Physics Forums - General Engineering
More news stories
Walney offshore wind farm is world's biggest (for now)
(PhysOrg.com) -- The Walney wind farm on the Irish Sea--characterized by high tides, waves and windy weather--officially opened this week. The farm is treated in the press as a very big deal as the Walney ...
Technology / Energy & Green Tech
12 hours ago |
3.9 / 5 (10) |
28
|
GPS court ruling leaves US phone tracking unclear
A US Supreme Court decision requiring a warrant to place a GPS device on the car of a criminal suspect leaves unresolved the bigger issue of police tracking using mobile phones, legal experts say.
12 hours ago |
4 / 5 (2) |
0
Europeans protest controversial Internet pact
Tens of thousands of people marched in protests in more than a dozen European cities Saturday against a controversial anti-online piracy pact that critics say could curtail Internet freedom.
8 hours ago |
5 / 5 (5) |
0
Netflix settlement trims 14 pct off 4Q earnings
(AP) -- Netflix pressed the rewind button on its fourth-quarter earnings after settling allegations that the video subscription service violated a consumer-privacy law.
12 hours ago |
not rated yet |
0
Navy to begin tests on electromagnetic railgun prototype launcher
The Office of Naval Research (ONR)'s Electromagnetic (EM) Railgun program will take an important step forward in the coming weeks when the first industry railgun prototype launcher is tested at a facility ...
Feb 06, 2012 |
4.7 / 5 (15) |
90
|
Europe stakes billion-dollar bet on new rocket
A pencil-slim rocket is scheduled to lift into space from South America on Monday, carrying a billion-dollar bet that Europe can grab a juicy slice of the market to place satellites in low orbit.
Study finds that anti-diabetic medication can prevent the long-term effects of maternal obesity
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that show that short therapy with the anti-diabetic medication ...
Steroid injections prove effective in treatment of lumbar disc herniations
The use of epidural steroid injections may be a more efficient treatment option for lumbar disc herniations, according to research presented today at the American Orthopaedic Society for Sports Medicine's Specialty Day in ...
Amateur football players not always keen on returning to play after ACL injuries
Despite the known success rates of reconstructive Anterior Cruciate Ligament (ACL) surgery, the number of high school and collegiate football players returning to play may not be as high as anticipated, say researchers presenting ...
Study finds elevated levels of cell-free DNA in first trimester do not predict preeclampsia
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that indicate that elevated levels of cell-free DNA in ...
PRP treatment aids healing of elbow injuries say researchers
As elbow injuries continue to rise, especially in pitchers, procedures to help treat and get players back in the game quickly have been difficult to come by. However, a newer treatment called platelet rich plasma (PRP) may ...
