SyScan'06 Highlight - Is Phone Banking Safe?
- To: security-basics@xxxxxxxxxxxxxxxxx, firewalls@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, focus-ids@xxxxxxxxxxxxxxxxx, newslist@xxxxxxxxxxxxxxxxxxxxxx, forensics@xxxxxxxxxxxxxxxxx, vuln-dev@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, funsec@xxxxxxxxxxxx
- Subject: SyScan'06 Highlight - Is Phone Banking Safe?
- From: thomas48 <thomas48@xxxxxxxxxxxxxx>
- Date: Wed, 28 Jun 2006 12:21:50 +0800
- Cc: organiser@xxxxxxxxxx
This is a brand new presentation and it's going public for the very first
time at SyScan'06.
Marek Bialoglowy is a Polish security researcher based in Southeast Asia
whose expertise is research into mobile technologies such as phone
banking, Wi-Fi and Bluetooth. In this presentation at SyScan'06, he
will present his shocking findings in one of the most popular banking
applications.
Use of a telephone in banking is considerably widespread. The most
popular is certainly the interactive voice response (IVR) technology,
which has been adopted by nearly all major banks. There is also a new
successor to this technology, which is mobile banking. It is mainly
based on SMS or STK (SIM Toolkit), and its popularity is rapidly
increasing, largely thanks to the popularity of mobile phones. Certainly,
with the benefits of new technology also come new threats, which have to be
addressed. Meanwhile, the old IVR-based technology still lacks security,
which calls into question the overall safety of using the phone in banking services.
The presentation summarises the results of a comprehensive analysis of phone
banking security, introduces never previously presented attack
scenarios on phone banking systems, reveals the security weakness in
the phone banking systems of major banks and explains some potential
methods of minimising the risks.
Other presentations at SyScan'06 include:
Unpacking Malware, Trojans and Worms - Paul Craig
Towards Automated Botnet Detection and Mitigation - Thorsten Holz
I-worm Fuzzer: A new propagation type of worm - Enrique Sanchez
Securing Linux/Unix Systems - Andrew Griffiths
VoIP Security Issues - Hendrik Scholz
Exploiting Embedded System - Barnaby Jack
Reverse Engineering Microsoft Binaries - Alexander Sotirov
Feeding Fuzzing - ByteRage
Writing behind a Buffer - Angelo Rosiello
Skeletons in Microsoft Closet - Andre Protas
Binary Analysis; finding secrets in ISAPIs
Yet Another Web Application Testing Toolkit - Fyodor Yarochkin
Oracle Rootkit and Viruses - Alexander Kornbrust
Attacking Microsoft Vista - Joanna Rutkowska
For more information, please visit
http://www.syscan.org