German home banking (from RISKS)
----------------------------------------------------------------------

Date: Tue, 23 Jan 1996 17:32:56 +0100
From: Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.d400.de>
Subject: Homebanking NonSecurity demo

A German private TV channel (SAT 1) displayed, Monday Jan. 22 night (10 pm), a demonstration of how easily homebanking may be attacked in Germany. In this demo, a person used T-Online (a navigation tool similar to CompuServe) to send his ID, PIN, the amount to be transferred (500 DM) and the account to which to transfer, plus a transaction number (TAN), via telephone line. All these data were intercepted on a portable connected to the user's phone line in the basement of the building (indeed, most telephone boxes are rarely locked). Actions of the customer and the "hacker" were shown in parallel, so one could see all data (including the PIN, which was not displayed on the customer's screen) on the hacker's display. Before the customer could start the booking process on the bank computer by sending the request, the hacker interrupted the telephone connection. As he now possessed all relevant "secret" information of the user, he started an order to transfer 5,000 DM from his victim's account to another one, successfully (as the customer's vouchers proved).

After the demo (about 10 minutes), a short interview (with the author of this report) discussed evident risks; it was made clear that software solutions have been available for some time to replace the old PIN/TAN structure with digital signatures and to encrypt sensitive data using asymmetric encryption.

Risks? Presently, there are several risks in telephone-based homebanking. First, ALL sensitive information is transmitted in cleartext. Secondly, interception of line-based communications of German Telekom is easily possible at several sites, from the basement of a customer's house, where lines from different customers are collected in a unit, to units collecting lines from several blocks, streets etc. Thirdly, in contracts between banks and customers, the latter will often have difficulties proving that an order carrying their personal ID, TAN etc. was NOT issued by them, esp. when there is evidence that the order came from the customer's telephone line (though not from his telephone :-). Customer protection (both technically and legally) therefore requires immediate action, as the Chaos Computer Club commented in the press.

Interestingly, German banks offer enterprises a secure solution based on RSA-licensed encryption software. So far, this is NOT offered to private customers as it canNOT interoperate with T-Online. Financial institutions are presently discussing a solution (either with a chipcard including a sort of DES, or a solution using an RSA implementation with a 784-bit key, which may be distributed via diskettes), but it is unclear when this solution will be available. As long as such a solution is not available, "every day may become payment day even for the most lousy hackers", as one German newspaper (TAZ) wrote.

Klaus Brunnstein (Jan. 23, 1996)

------------------------------

-------------------------------------------------------------------------
Steven Weller                  | "The Internet, of course, is more
                               | than just a place to find pictures
                               | of people having sex with dogs."
stevenw@best.com               |   -- Time Magazine, 3 July 1995
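To illustrate the point Brunnstein makes about replacing PIN/TAN with signed orders, here is an added example written for this page (not code from the broadcast or from any bank software): it simulates the bank-side checks of both schemes with constructed sample values, and an HMAC-SHA256 keyed MAC stands in for the chipcard DES MAC or RSA signature the post mentions. It shows why an intercepted PIN/TAN order can be re-issued for 5,000 DM to another account, while an authenticator computed over amount and payee rejects the altered order and a nonce check rejects a replay.

```python
import hashlib
import hmac
import secrets
# Constructed sample values for this demo; none of them are real bank data.
CUSTOMER_ID = "123456"
PIN = "4711"
TAN_LIST = {"083215", "557190"}        # one-time TANs the bank issued on paper
SIGNING_KEY = secrets.token_bytes(32)  # stand-in for the chipcard/RSA signing key

class PinTanBank:
    """1996 scheme: an order is valid if ID, PIN and an unused TAN match."""
    def __init__(self):
        self.used_tans = set()
    def accept(self, order):
        if order["id"] != CUSTOMER_ID or order["pin"] != PIN:
            return False
        if order["tan"] not in TAN_LIST or order["tan"] in self.used_tans:
            return False
        self.used_tans.add(order["tan"])
        return True  # nothing ties the TAN to the amount or the payee

def canonical(order):
    # The fields the authenticator must cover: who pays, how much, to whom, which order.
    return f'{order["id"]}|{order["amount"]}|{order["dest"]}|{order["nonce"]}'.encode()
def signed_order(cust_id, amount, dest, key):
    order = {"id": cust_id, "amount": amount, "dest": dest, "nonce": secrets.token_hex(8)}
    order["sig"] = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return order

class SignedBank:
    """Proposed scheme: verify the authenticator over the whole order, reject replays."""
    def __init__(self, key):
        self.key, self.seen_nonces = key, set()
    def accept(self, order):
        expected = hmac.new(self.key, canonical(order), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, order["sig"]):
            return False  # amount, payee, ID or nonce was altered after signing
        if order["nonce"] in self.seen_nonces:
            return False  # the same signed order submitted a second time
        self.seen_nonces.add(order["nonce"])
        return True

def demo():
    # Broadcast scenario: the order is intercepted and the line cut before the bank books it.
    intercepted = {"id": CUSTOMER_ID, "pin": PIN, "tan": "083215", "amount": 500, "dest": "payee"}
    pin_tan_forgery_ok = PinTanBank().accept(dict(intercepted, amount=5000, dest="attacker"))
    bank = SignedBank(SIGNING_KEY)
    genuine = signed_order(CUSTOMER_ID, 500, "payee", SIGNING_KEY)
    signed_forgery_ok = bank.accept(dict(genuine, amount=5000, dest="attacker"))
    genuine_ok = bank.accept(genuine)
    replay_ok = bank.accept(genuine)
    return pin_tan_forgery_ok, signed_forgery_ok, genuine_ok, replay_ok
```

The MAC does not hide the order from a line tap (the post's second fix, encryption, is a separate layer); it only makes the intercepted data useless for issuing a different order.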
Was the person in the basement eavesdropping or actually performing a man-in-the-middle attack? Don't high speed modems transmit and receive on the same frequencies, using echo cancellation to decode the received signals? Does that make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?

David
> Was the person in the basement eavesdropping or actually performing a man-in-the-middle attack?
He was first eavesdropping, then he performed a hijack attack once authentication was achieved.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever,
then I will never know happiness. For I am possessed by a fever for
knowledge, experience, and creation." -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? Mail me for resume
> Was the person in the basement eavesdropping or actually performing a man-in-the-middle attack?
Very much the easiest way of doing this is a classic man-in-the-middle attack with two vanilla off-the-shelf modems and a vanilla off-the-shelf central office simulator. The modems would be tied more or less back to back through two serial ports and software on a laptop in the basement, one modem connected to the actual phone line to the central office and the other connected to the local wires to the target's home through the central office simulator. This way all traffic in both directions would go through the modems and software on the laptop, allowing the connection to be taken over cleanly between packets, and packets to be injected and deleted as needed.

I believe that it would not be hard to make such a MITM decode the DTMF dialing from the target and dial the same number on its outgoing modem, thus enabling the MITM to passively relay modem calls it wasn't interested in spoofing. And incoming modem calls could be similarly handled.

While I might hasten to add that my interest is entirely academic and I've never tried configuring such a thing, I'm quite sure that standard off-the-shelf consumer modems and cheap and widely available central office simulators could be configured to set up such a MITM without requiring any special hardware, hardware modifications, modified modem firmware, or special programming expertise beyond that required to operate modems through a serial port. And obviously the cost of such a thing might well be kept under $1000 and perhaps under $500, compared to the multiple tens or hundreds of thousands that the specialized modem and protocol analyzer test equipment that can do this sort of thing costs.

A slightly more realistic version with a sound card and some simple coupling transformers available at Radio Shack (or free from an old junk modem) would allow full simulation/cutover of the call progress tones and wrong number announcements and so forth, and might make such a device rather difficult to detect for a casual non-technical modem user. While this is not 100% off-the-shelf hardware, the technical skills required are rather low.
> Don't high speed modems transmit and receive on the same frequencies, using echo cancellation to decode the received signals? Does that make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?
That has been widely reported. In fact, given a four-wire (directional) tap this is probably not true in many cases, in that the inherent directionality (echo return loss) of the line gives enough separation between the data going in one direction and the data going in the other for successful separation. This is further enhanced by the generally true fact that the line is idle in at least one direction for most of the time, and the pattern of data transmitted on an idle line under LAPM is predictable and can be subtracted out even if the actual SNR is not good enough to reliably demodulate it. As far as I know, the firmware to allow passive monitoring of V.32 and V.34 data is not part of any standard modem firmware, but many modems can passively monitor the lower speed transmissions.
Dave Emery die@die.com
Participants (4): Ben, Dave Emery, David Mazieres, stevenw@best.com