Who pays for fraud via wireless keyboards & man-in-the-middle attacks?

At 18:54:02 on 24/11/2006, sk8terg1rl delighted uk.legal by announcing:

They generally use smartcard access these days.

Which they've always had, irrespective of the type of keyboard.

Reply to
Alex

At 23:04:03 on 24/11/2006, peterwn delighted uk.legal by announcing:

There's virtually no way it won't have occurred to them.

Reply to
Alex

Hmm, very interesting. Thanks for bringing that up, Sue, Alex & Tim. I've never seen such a system before. I stayed with some relatives in Gothenburg & Trollhatten for a short while and I don't recall seeing such a fob in their possession. But then again I didn't go to any banks with them, and they might have just kept it in a secure place.

How does that work? From the article Sue gave, I gather it generates a number which is part of the authentication process. This number can't be purely random, and in fact as the bank needs some way of knowing what your next one will be, I'm guessing it must be deterministically calculated from the previous one.

This means the sequence of numbers can be predicted if you know the function to convert a prior one to the next one. So maybe it isn't so safe after all, but I suppose it is still better than just passwords/PINs I use for my online banking.

A piece of my mind is not for sale, Tim ;-)

Reply to
sk8terg1rl

You could do some research on pseudo random sequence generators but:

For all practical purposes the sequence it generates is random and cannot be predicted without knowing the unique starting conditions for that unit (known also to the bank) - or waiting for the sequence to repeat (a very long wait).

I wish my bank offered one.

I regularly sell bits of mine - large chunks of my brain are full of now useless facts that were only relevant to what I was being paid to do.

;)

Reply to
Palindr☻me

Actually, I do know a bit about PRNGs ;-). AIUI (anyone please correct me if I'm wrong!): All coded PRNGs rely on a mathematical function to generate a deterministic sequence of numbers (hence pseudo). There tend to be two variables in this mathematical function; the seed (internal variable, not known) and the previous random number (external variable, known/intercepted).

Each starting seed produces an essentially unique sequence of numbers. For a sufficiently large space, that means it is likely that you've guessed the right seed if you can reproduce a sequence of say 10 identical numbers to that generated by the fob.

What does that mean practically? Let's say you know the PRNG function and a sequence of 10 random numbers generated by the fob, thanks to a wireless keyboard sniffer.

You generate a huge list of random number sequences with up to say 365 attempts long (that's one bank login every day for the first year of introduction of the system). You do this for all random seeds in a reasonable range.

If we make the assumption that (say) 10 consecutive hits in the sequence of 365 numbers means you've guessed the right random seed, it is then possible to iterate through this sequence to locate the random seed. Why not just try to guess the random number instead of the seed, you ask?

Well, because if you did, the account would be blocked long before that and you can do this system _offline_ with a powerful enough computer & large enough memory.

I'm curious - for those who have had to use this fob - what happens if you accidentally or unknowingly press the button before you use it for accessing your account? That will mean your sequence of numbers is out of sync with the bank's.

You mean you've been thoroughly educated in the University of Life :-). I'm still a fresher in that regard, I'm afraid.

But there's a lot to learn here and I've already learnt fascinating things from this thread anyway: that fob system, "Nth factor authentication" and not to worry so much about my money being stolen by irresponsible bank officers - like some others pointed out, it is unlikely the banks wouldn't have thought about it and it's really theft of _my_ passwords/PIN I should be more concerned about. I'm Ebaying my wireless keyboard/mouse for wired ones :-O

Reply to
sk8terg1rl

They are not used for branch banking they are used for remote banking.

The number sequence for my machine is unique for each customer and time of day combination.

It doesn't have to be a random sequence, just different for each customer.

When I log on, I get the key from my machine, and if it matches the one the bank expects I can log on and perform my transactions.

Each number is valid for a short space of time, but obviously, this time will be a minute or two. So, it is possible for someone to hijack this and log on as me in that very small time frame. To avoid this, I am interrogated for another number to confirm my transaction at the end. It is extremely unlikely that someone else logged on as me at the start will be interrogated for a confirmation at exactly the same time as me, so that person will not know the correct number from the machine to confirm their transaction.

I think that it is very unlikely that anyone could do this.

Oops.

tim

Reply to
tim(yet another new home)

It obviously depends on the length of the shift register. The function will presumably be that for maximum sequence length. If anyone can crack this method of protection, there are far bigger fish to go after than personal bank accounts.

The ones I have seen change at a fixed timed interval. The bank will have the previous, current and next number in the sequence and validate on any of them, to allow for clock misalignment. It can then pull the virtual bank clock into synchronism with the unit clock.

Reply to
Palindr☻me

Well given that they didn't think about the idea that you could attach an mp3 player to the back of an ATM and get all the card details, perhaps not.

Also consider that they didn't think that people might go through their rubbish, or steal a laptop from an employee's home.

Reply to
Jonathan Bryce

I have this terrible feeling in my water that you actually believe that.

Reply to
Bert

The point you miss is exactly what good would it do you without access to the bank computer system and the passwords, codes and authentication to get to the point where this data could be usefully entered.

It isn't just a case of dashing home and popping the numbers in to a web page.

Reply to
Bert

But none of that gives someone access to the bank's computer system, which is of course what we are talking about. :-)

Reply to
Bert

Not feasible without far more computing power than any criminal is likely to have available. All of those I have seen have used at *least* 6 digits, and sometimes including letters as well as numbers.

And you are assuming that the number generated is based on the previous one used. They are often generated every x seconds, so the customer will rarely enter two sequential ones.

As I say, many of them generate a new code every x seconds, and the bank will know what code a particular fob should show at any given time.

Otherwise, they can hold a few numbers from the sequence (say the next 10) to allow for accidental presses, and if the number is one of those, then it will reset the "current" position in the sequence.

Reply to
Alex Heney
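Two of the validation schemes described in this thread (Palindr☻me's timed fob where the bank accepts the previous, current and next number and pulls its clock into line, and Alex Heney's press-the-button fob where the bank holds the next 10 numbers and resets its position on a hit) can be sketched in a few dozen lines. This is an added example, not code from any poster or from any bank's token; it assumes the standard HMAC-SHA1 truncation for the code function and uses the RFC 4226 test key as a constructed demo secret. It also adds one check the posts only hint at: a code that has already been accepted is refused, so a sniffed code cannot be replayed inside its validity window.

```python
import hashlib
import hmac
import struct

DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """One code for one counter value: HMAC-SHA1 over the counter, dynamically
    truncated to `digits` decimal digits (the construction standardised as HOTP)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = DIGITS) -> str:
    """Timed variant: the counter is simply the number of elapsed steps."""
    return hotp(secret, int(now // step), digits)


class EventTokenVerifier:
    """Bank-side state for a press-the-button fob. The bank keeps the counter of
    the next code it expects and accepts any of the next `lookahead` codes, so an
    accidental press does not lock the customer out; on a hit the counter jumps
    past the code that was used, which also rejects a replay of that code."""

    def __init__(self, secret: bytes, lookahead: int = 10):
        self.secret = secret
        self.lookahead = lookahead
        self.counter = 0  # next expected counter value

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.lookahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


class TimeTokenVerifier:
    """Bank-side state for a fob that changes every `step` seconds. The bank tries
    the previous, current and next step to absorb clock misalignment, remembers
    the offset it found so its notion of the fob's clock stays in sync, and
    refuses a step that has already been used so a sniffed code cannot be
    replayed within its validity window."""

    def __init__(self, secret: bytes, step: int = 30):
        self.secret = secret
        self.step = step
        self.drift = 0       # fob clock minus bank clock, in steps
        self.last_step = -1  # highest step already accepted

    def verify(self, code: str, now: float) -> bool:
        base = int(now // self.step) + self.drift
        for delta in (-1, 0, 1):
            step = base + delta
            if step <= self.last_step:
                continue  # already used (or older): replay, reject
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.drift += delta
                self.last_step = step
                return True
        return False


# Constructed demo secret (the RFC 4226 test key), not any real token's secret.
DEMO_SECRET = b"12345678901234567890"


def demo() -> dict:
    ev = EventTokenVerifier(DEMO_SECRET)
    tv = TimeTokenVerifier(DEMO_SECRET)
    return {
        "event_two_presses_skipped": ev.verify(hotp(DEMO_SECRET, 2)),  # True, counter -> 3
        "event_old_code_replayed": ev.verify(hotp(DEMO_SECRET, 1)),    # False, behind counter
        "time_ok": tv.verify(totp(DEMO_SECRET, 59), 59),               # True
        "time_replay_same_step": tv.verify(totp(DEMO_SECRET, 59), 61),  # False
        "time_fob_one_step_fast": tv.verify(hotp(DEMO_SECRET, 3), 89),  # True, drift -> +1
        "drift": tv.drift,
    }


if __name__ == "__main__":
    print(demo())
```

The look-ahead window and the ±1 time window are the two places where a bank trades a little security for usability; the replay check is what stops that trade-off turning a sniffed code into a free login.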

I will give you a parallel example. A Californian police communications centre that deals with 911 calls had a standby generator in the basement. There was an earthquake, the power went off, but the generator did not start. Reason - the fuel pump was fed from mains power.

Reply to
peterwn

Not parallel, more tangential.

Reply to
Bert

I get the point. See my reply from 25 hours ago where I told Alec Heney that I was just letting my imagination wander.

Reply to
Swampy Bogtrotter

The last time I was in a branch (Maybe 3-4 years ago, I do all my banking online) I was left unattended with a computer sitting at the NT login box. IIRC it was for around 5-10 minutes while the lady went off to dispute a DD I'd complained about. Plenty of time to transfer funds.

You are assuming all fraud would come from outside the bank. If dodgy employees found out their colleagues' username/password combinations there's a possibility of fraud there.

Reply to
Simon Dobson

You know, I would be really surprised if banks *didn't* have some kind of remote administration procedure. That kind of thing would never be publicised because customers don't need to know. Whether the low level teller staff at your local branch have this access is a matter of internal policy, although if it were me administrating security, I would deny them remote access.

However, just by extrapolating from the urgent need that exists for their IT staff (especially security) to be able to remotely log in to their bank's network should an out-of-hours emergency arise, I would definitely say remote administration exists, with the remote user, if sufficiently cleared, having total control over all files.

The checks and balances probably come into play because the bank records are backed up to hardcopy every so often, meaning that even if a high-level IT chap turns out to be a bad apple, s/he would have to be falsifying records for ages for it to go undetected.

Reply to
sk8terg1rl

I wrote a simple test program on my own which searches through a sequence of 100 random numbers corresponding to 1,000,000 different random seeds for a match of 3 random numbers in the sequences tested.

It takes about 12 seconds to both generate the (1e8) random numbers and sift through all of them on a basic Pentium 4 3.0GHz desktop. And I didn't even use an efficient search algorithm, just brute force.

If someone took the time and had a parallel cluster of these machines, they could search through a much larger space to accurately predict the next number to be generated on the fob.

Yeah, I misunderstood that bit. I thought the fob generates a number every time the button is pressed, and not based on (discrete) real time steps. The above will still work with some modification though; the crook just needs to know what the time interval for generating new numbers is, some samples of numbers corresponding to their time intervals and ideally, what the function used to scramble the numbers is (this reduces the search space a LOT). Of course the latter will be hard to obtain, but it is a "fixed target" in a sense (it doesn't change with time) and once all the changes are made (fobs given to customers, synchronisation, etc.) there will be, I think, too much bureaucratic inertia for them to change it even IF they know the function has been compromised.

The clever bit about the timed method is that the crook needs to predict the right number before it "expires", and it might take some time to do (see above). However if they know the scrambling function then they can simply predict the expected number a suitable time in advance.

Reply to
sk8terg1rl

If it was left "logged on" to the point all you had to do was enter the top level passwords for access, then yep, you could fill your boots.

I am assuming nothing of the sort and instead am keeping to the topic of wireless keyboards and their security. :-p

Reply to
Bert

The person with the keylogger will probably get something like this:

hi h r u? cool, what u up to i work in a bank, wot about u?

Reply to
Donna
