


Threats: Man in the Browser

A Man-in-the-Browser attack uses a piece of attack software, typically a Trojan horse program, that installs itself inside the user's browser. Running with the browser's own privileges, the program can read and modify page content and form data after the user has seen or entered it and before the browser's security mechanisms (such as the TLS connection to the server) protect it in transit, so what the user sees and what the server receives can differ. A Man-in-the-Browser attack program typically takes the form of a trusted browser extension, a DLL (dynamically linked library) loaded into the browser process, or a browser helper object.

Man-in-the-Browser is particularly insidious because it has no user-observable symptoms: because the Trojan also rewrites what the browser displays, the user sees the transaction they intended and the normal confirmation pages from the server, while the server processes a transaction carrying the attacker's values. The server, for its part, sees a correctly authenticated session. As such, it is virtually impossible for a user to detect while it is taking place. It does not need to defeat authentication: it rides on the user's legitimately authenticated session, modifying web transactions in flight or initiating new ones.

The Silentbanker Trojan is a recent and potentially costly Man-in-the-Browser attack targeting banking transactions. It intercepts banking transactions inside the browser, including those guarded by two-factor authentication, and by redirecting or changing requests it can direct money into attackers' accounts.

The Man-in-the-Browser attack is a form of the Man in the Middle (MITM) attack, in which a perpetrator interjects itself between legitimate communicating parties. Unlike other Man in the Middle attacks, which typically take place at the network or protocol layer and are addressed by TLS and server certificates, Man in the Browser occurs on the user's own computer, inside the browser, where the data is in the clear before it is encrypted for the server and after the server's response is decrypted.

How does TriCipher Prevent Man in the Browser Attacks?
The TriCipher Armored Credential System (TACS) provides both user authentication to protect the initial login to web applications and transaction authentication to verify the authenticity of online transactions. TriCipher's patented multi-part credentials and Authentication Ladder™ enable customers to easily extend their authentication infrastructure to implement transaction authentication with no additional hardware, software, or change in the user experience.

TriCipher Armored Transactions is the first transaction authentication solution that is low-cost and user-friendly enough to be widely adopted for consumer and business transactions, while at the same time preventing Man in the Browser attacks. It works by displaying the details of each transaction, which the user then verifies. While the user's experience is as simple as entering a password and clicking a mouse, behind the scenes TriCipher's patented PKI-based technology digitally signs the transaction through a separate secure connection, producing verifiable evidence that the user authorized the transaction as displayed. Because the signature is computed over the details the user actually verified, a transaction altered in the browser no longer matches its signature and is rejected, even though it arrives on a properly authenticated session.
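The following is an added example, not TriCipher's code or any product's API, illustrating the two points made above: a Trojan that rewrites the transaction in the browser succeeds against login-only (session) authentication, and fails against transaction authentication where an authenticator is bound to the details the user verified. It uses an HMAC from the Python standard library as a stand-in for the PKI digital signature the page describes; the bank functions, field names, shared key, account numbers and nonce scheme are all assumptions constructed for the example.

```python
"""Added example (not from the page): session authentication vs. transaction
authentication against a man-in-the-browser rewrite. HMAC stands in for the
PKI signature; bank API, accounts and key are constructed assumptions."""
import hashlib
import hmac
import json
import secrets

# Constructed sample data. Assumption: the signing key lives on the user's
# separate signing device and is known to the bank; it is never in the browser.
SIGNING_KEY = b"customer-signing-key-on-separate-device"
ATTACKER_ACCOUNT = "DE99 0000 0000 0000 9999 99"
PAYEE_ACCOUNT = "DE12 3456 7890 1234 5678 90"


def canonical(tx):
    """Deterministic encoding of the fields the user verifies and signs."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign_transaction(tx, key=SIGNING_KEY):
    """Stand-in for the signature produced over the details the user confirmed."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def man_in_the_browser(tx):
    """Simulates the Trojan: the request the browser sends carries the
    attacker's payee and amount, while the user still sees the values typed."""
    tampered = dict(tx)
    tampered["to_account"] = ATTACKER_ACCOUNT
    tampered["amount"] = "9500.00"
    return tampered


class Bank:
    def __init__(self):
        self.sessions = {}
        self.pending_nonces = set()
        self.ledger = []

    def login(self, user):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def challenge(self, token):
        """Server-issued nonce included in the signed details (stops replay)."""
        if token not in self.sessions:
            raise PermissionError("no session")
        nonce = secrets.token_hex(8)
        self.pending_nonces.add(nonce)
        return nonce

    def transfer_session_auth(self, token, tx):
        """Login-only authentication: any request on a valid session is honoured."""
        if token not in self.sessions:
            return False
        self.ledger.append(tx)
        return True

    def transfer_tx_auth(self, token, tx, signature):
        """Transaction authentication: the signature must match the details
        received, over a nonce that has not been used before."""
        if token not in self.sessions:
            return False
        if tx.get("nonce") not in self.pending_nonces:
            return False
        if not hmac.compare_digest(sign_transaction(tx), signature):
            return False
        self.pending_nonces.discard(tx["nonce"])
        self.ledger.append(tx)
        return True


def run_scenario():
    bank = Bank()
    token = bank.login("alice")
    intended = {
        "from_account": "alice-checking",
        "to_account": PAYEE_ACCOUNT,
        "amount": "100.00",
        "reference": "rent",
        "nonce": bank.challenge(token),
    }
    # The user verifies and signs the intended details on the separate channel.
    signature = sign_transaction(intended)
    # The browser, however, submits the Trojan's rewritten transaction.
    submitted = man_in_the_browser(intended)
    return {
        "session_auth_accepted_tampered": bank.transfer_session_auth(token, submitted),
        "tx_auth_accepted_tampered": bank.transfer_tx_auth(token, submitted, signature),
        "tx_auth_accepted_intended": bank.transfer_tx_auth(token, intended, signature),
        "tx_auth_accepted_replay": bank.transfer_tx_auth(token, intended, signature),
        "ledger_payees": [t["to_account"] for t in bank.ledger],
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Two design points matter in practice. First, the details the user verifies must reach them over a channel the Trojan cannot rewrite (a separate device or connection, as the page describes), because the browser's own confirmation page is under the attacker's control. Second, the signed payload includes a server-issued nonce; without it a captured signature over a legitimate transfer could be submitted again.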

Man in the Middle attacks can modify customer-generated transactions or generate new transactions; phishing/pharming directs a customer to a bogus server that completes the connection to the bank's server. The man "in the middle" might actually be in the customer's PC: Trojan software can create a hidden browser session and generate transactions on the back of a legitimate strongly authenticated session — a "man in the browser" attack. Note that these are not attacks against the authentication method. They usurp or "piggyback" on legitimate user access to the bank's Web site and will succeed no matter how strong the authentication method. While the incidence of such attacks remains low, we expect that this will increase significantly within the next two to three years. To protect against more-sophisticated attacks, additional safeguards are required.

Avivah Litan, Ant Allan
Transaction Verification Complements Fraud Detection and Stronger Authentication,
12-Sep-2006
Gartner, Inc.



Copyright © 2008, TriCipher, Inc.
TriCipher, Armored Credential, and Armored Credential System are either registered trademarks or trademarks of TriCipher, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners. FIPS 140-2 Validation is a Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments. Identrust, Identrust Compliant, and the Identrust Compliant logo are trademarks and service marks of Identrus LLC.