Hardware trojans against virtual keyboards on e-banking platforms - A proof of concept
Articles
Overview
published in
publication date
- June 2017
start page
- 146
end page
- 151
volume
- 76
Digital Object Identifier (DOI)
full text
International Standard Serial Number (ISSN)
- 1434-8411
Electronic International Standard Serial Number (EISSN)
- 1618-0399
abstract
- In the last years there has been a considerable growth on the number of users id on-line banking (Szopinski, 2016). Banks must implement strong security solutions and users have to feel safe about the security offered. To securize the users' access, virtual keyboards are commonly used. Unlikely, virtual keyboards are vulnerable to shoulder surfing and malicious software-based attacks such as malware and Trojans (Nadkarni et al., 2011; Sapra et al., 2013). In this article we propose a Hardware Trojan (HT), which targets a VGA display and is able to reveal the private information clicked by the user on a virtual keyboard. This HT is very harmful since it defeats the countermeasures (e.g., keyboard mutation or obfuscation) generally used to combat malicious pieces of software (Nayak et al., 2014; Parekh et al., 2011; Rajarajan et al., 2014). (C) 2017 Elsevier GmbH. All rights reserved.
Classification
subjects
- Computer Science
keywords
- hardware trojans; vga display; on-line banking; virtual keyboards; authentication; keyloggers; adoption; attacks; threat