Abstract
========
ChipTAN comfort is a new system which is supposed to securely authorise online
banking transactions by means of a trusted device. It is assumed that chipTAN
comfort specifically protects against man-in-the-middle attacks. Such attacks are
currently putting bank customers who are using the iTAN system at risk. RedTeam
Pentesting examined chipTAN comfort and showed that even when using this sys-
tem, man-in-the-middle attacks can compromise online banking security.
The full paper is available in German and English at
========
ChipTAN comfort is a new system which is supposed to securely authorise online
banking transactions by means of a trusted device. It is assumed that chipTAN
comfort specifically protects against man-in-the-middle attacks. Such attacks are
currently putting bank customers who are using the iTAN system at risk. RedTeam
Pentesting examined chipTAN comfort and showed that even when using this sys-
tem, man-in-the-middle attacks can compromise online banking security.
The full paper is available in German and English at
http://www.redteam-pentesting.de/publications/MitM-chipTAN-comfort
--
RedTeam Pentesting GmbH Tel.: +49 241 963-1300
Dennewartstr. 25-27 Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEVAwUBSwvINdG/HXWsgFSuAQI94ggAropyA0giR+qOEYVy6MLYbiVlUyF/ZqPH
HzfzUwwZqH7y2VkeIvcSoBvAgUAux0nAJtzoTNvnkkJ+1WH+Txox6XYEr5Fui5nu
yBuGozTYbRF1A9rNOnBAZ419RKPeAPTUxtPdE37sxuMHeP2Q+G80rj10NiaY3LRV
HxNtMPsqqdCyhgYOhj94cNmJA3HYL352eE4YIWRu8MlQnYSL1ToZZQGzmqymSJ0s
lsNaNWazpvasBBirbbfPySYFWAv2UdNo+9w/YzEAM5kqB/u+19CwckIWR7jK2bki
5ZQN4c94ZNBVRUcmRqJWV+xpL+wcrvVF+9Akb3PG27A0L01C+Cpx+w==
=RNex
-----END PGP SIGNATURE-----
[ reply ]