Hacking Citibank's Virtual Keyboard

May 12, 2007

A researcher points out that malware can just as easily capture mouse-clicked PINs as those entered at the keyboard.

In some countries outside of the US, Citibank has a login option that lets you enter your PIN by clicking on an on-screen keyboard rather than typing it on the physical keyboard.

Perhaps the idea is to defeat keyloggers, but a researcher has demonstrated that it's easy for malware to capture the PIN anyway.

The technique, posted on the popular Bugtraq mailing list, generated some scorn from readers (not an unusual result on Bugtraq). The two main complaints, both true, are that a) the attack presumes that malware has already been installed on the system; and b) this is an old technique - consider this almost identical thread on Bugtraq from 2005.

The technique, which has been used in some malware for years, is to take a screenshot when the mouse is clicked, noting the coordinates of the click. It's true that to execute this attack, the attacker needs to have the program installed on the system already, which is a formidable barrier to entry. But consider the point of the virtual keyboard: a bank would only put a user through this if it suspected the user may already have a keylogger on the system. The feature is designed for already-infected systems.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

