Tuesday, May 15, 2007

Hacking Citibank's Virtual Keyboard

I have been using Citibank's virtual keyboard for some time now and have always been skeptical that this would actually make my transactions secure. A security researcher in India has vindicated my beliefs. I am by no standards a smart hacker, but even I knew that if you can run any of the 'N' number of applications that can decode the string in the textbox, you can get the password for that account.

Let me explain how the virtual keyboard works. Every time you type in your account number, a virtual keyboard is presented that lets you click the digits of your password. These digits go in an encrypted form to the textbox on that screen, and when you press Enter you are allowed to log in.

My friend and I have actually tried out an application which essentially just requires you to point your mouse at that textbox and, voilà, you get the actual password. So trust me, we knew this was pretty insecure, but we didn't care since I knew the hackers wouldn't be too interested in my bank account, considering I don't own a whole lot :)
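The weakness described above, next to one design that keeps the secret out of the page, as an added example (not from the original post and not Citibank's code). It assumes the textbox ends up holding the password in recoverable form, as the post describes; `weakKeypad`, `issueLayout`, `positionKeypad`, `serverDecode` and `demo` are hypothetical names, and the PIN used with them is a constructed sample.

```javascript
// Added illustration; every name here is hypothetical.

// Design A: each click appends the digit to a masked text field.
// Masking only changes what is drawn; the field still holds the secret.
function weakKeypad() {
  const field = { value: "" }; // stands in for <input type="password">
  return { field, click: (digit) => { field.value += digit; } };
}

// Fisher-Yates shuffle of 0-9. randInt(n) must return an integer in [0, n);
// a real server would back it with a CSPRNG and issue one layout per session.
function issueLayout(randInt) {
  const cells = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"];
  for (let i = cells.length - 1; i > 0; i--) {
    const j = randInt(i + 1);
    [cells[i], cells[j]] = [cells[j], cells[i]];
  }
  return cells; // cells[position] = digit drawn at that position
}

// Design B: the page records only which cell was clicked, never the digit.
// `layout` is used here only to simulate the user finding the right cell.
function positionKeypad(layout) {
  const field = { value: "" }; // holds bullets, nothing recoverable
  const clicks = [];
  return {
    field, clicks,
    clickDigit(digit) {
      clicks.push(layout.indexOf(digit));
      field.value += "\u2022";
    },
  };
}

// Server side: map positions back through the layout issued for this session.
function serverDecode(layout, clicks) {
  return clicks.map((pos) => layout[pos]).join("");
}

function demo(pin, randInt) {
  const a = weakKeypad();
  for (const d of pin) a.click(d);
  const layout = issueLayout(randInt);
  const b = positionKeypad(layout);
  for (const d of pin) b.clickDigit(d);
  return { weakField: a.field.value, hardenedField: b.field.value,
           clicks: b.clicks, recovered: serverDecode(layout, b.clicks) };
}
```

Design B only removes the secret from the field; software that can see both the rendered keypad and the click positions still learns the PIN, so this narrows the exposure rather than closing it.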
