CSG on Swiss TV

On May 31, 2011, “Kassensturz”, a popular consumer magazine on Swiss TV, will look into e-banking systems as offered to customers of Swiss banks. Members of the CSG participated in evaluating the usability and security of e-banking systems of Migrosbank, UBS, Raiffeisen, Berner Kantonalbank and Postfinance. Due to the legal situation in Switzerland, a security evaluation  – in this case tantamount to a limited penetration test – could only be carried out with the explicit consent of the banks concerned.

In our security evaluation we mimicked a real case of an e-banking fraud attempt, in which an on-going session of an e-banking customer was hijacked by cyber-criminals. The hijackers managed to initiate a transfer of a five digit amount to an account presumably under their control. Ultimately the off-line anti-fraud system of the bank detected the anomaly and blocked the attempted scam.

On behalf of  Kassensturz we investigated to what extent the e-banking systems under test are vulnerable to the same type of session hijacking as in the real case. The results vary significantly.

Don’t miss “Kassensturz” on May 31st, 21:o5 hours, Swiss TV SF1. http://www.kassensturz.sf.tv/

 

About plattner

Bernhard Plattner is a Full Professor of computer engineering at ETH Zürich (Swiss Federal Institute of Technology) in Zürich, Switzerland, where he leads the Communication Systems Group.
This entry was posted in General. Bookmark the permalink.

One Response to CSG on Swiss TV

Leave a Reply

Your email address will not be published. Required fields are marked *