
Possible Virus attack on Citibank Transactions : Man-in-Middle attack

Yash from Red Force Labs developed a proof-of-concept malware almost a year ago to attack online banking using the man-in-the-middle method. Recently he released a public video that demonstrates the MITM attack on Citibank India.

When a consumer transfers funds to A, this malware modifies the transaction in real time so that it goes to B, without the user's knowledge.

The man-in-the-middle, or man-in-the-browser, attack is well known in Internet banking. Zeus is a well-known malware of this kind, which has stolen more than 200 million US dollars from many users' accounts without the knowledge of the consumers. Many blackhat users have taken the available Zeus kit or sources and customized them for different banks to steal money. This malware is capable of defeating mobile-based two-factor authentication. A few years ago these types of attacks were not known. That does not mean they were not possible to perform; they were waiting to happen, just as many attacks are still waiting to happen in the e-commerce world.

The demo explains how the malware redirects the fund transfer to a different bank, changes the account number, and increases the amount. The malware is configurable: the attacker can specify any bank account as the attacker account. These types of attacks are possible against many banks across the world, and they are very sophisticated, because the malware does not need to steal the user's authentication information.


Diebold Touch-screen Voting Machine Can be hacked by Man in the Middle Attack With $26

"Voting machines can be hacked easily by the Man in the Middle attack method with only $10.50 (no need for million-dollar donations). For remote control, it costs $15. So in total $26 is needed to hack the voting machines with remote control."
Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois.

Man In the Middle Attack:
What makes this hack so troubling --- and different from those which have come before it --- is that it doesn't require any actual changes to, or even knowledge of, the voting system software or its memory card programming. It's not a cyberattack. It's a "Man-in-the-middle" attack where a tiny, $10.50 piece of electronics is inserted into the system between the voter and the main circuit board of the voting system allowing for complete control over the touch-screen system and the entire voting process along with it.

Add an optional $15 radio frequency remote control device, and votes can be changed, without the knowledge of the voter, from up to half a mile away. Without the remote, the attack can be turned on and off at certain times, or by other triggers. The voter would have no idea that their votes have been changed after they've already approved them as "correct" on the various confirmation screens, and even on the so-called "paper-trail".

The inserted chip can later be removed after the election without there being any way to ever know that someone had completely manipulated the system. But since election officials rarely --- if ever --- examine the inside of their voting machines, it doesn't much matter, in truth.

"The level of sophistication it took to develop the circuit board" used in the attack "was that of basically an 8th grade science shop," says Argonne's John Warner. "Anybody with an electronics workbench could put this together."

The team, he says, had no knowledge of the voting machine's computer circuit diagram or owner's manual when they devised the attack. Moreover, VAT team leader Roger Johnston told me they believe they "can do similar things on pretty much every electronic voting machine." Indeed, in 2009, with little fanfare, they were able to carry out a similar manipulation of a Sequoia AVC Advantage e-voting system (as used across most of the state of New Jersey, for example).

Video Demo: