LiveCDs and Online Banking
Recent news reports suggest that a number of Australian financial institutions are considering distributing modified Knoppix LiveCDs to their customers to give them a more secure online banking experience.
Conceptually this is a very smart move, but it is fraught with difficulties that the users who would benefit most will find problematic. Because the machine boots from the CD-ROM, the LiveCD provides a means to bypass any keyloggers, spyware or adware installed on it. Presuming that the computer normally runs a Windows-based operating system, the LiveCD will not run any of that keylogging or spyware software, since it is a Linux installation and Windows and Linux are binary incompatible for most software applications. Binary compatibility allows two different operating systems to run the same application file as if it had been designed for each of them. For example, Windows 98 software is mostly binary compatible with Windows XP, which means that you can run most of your Windows 98 software on a Windows XP installation without any problems. Conversely, because they are binary incompatible, you are not likely to be able to run any OS X software on a Windows XP system.
Knoppix LiveCDs are generally designed to be read only (i.e. CD-R). Although it is possible to operate one without using the hard drive, the advanced management tools that Linux distributions tend to come with create a major risk that inexperienced users will seriously damage their existing operating system installation. The variant being proposed for the Australian financial institutions will apparently have most of these tools removed to prevent inadvertent system destruction or damage by inexperienced users.
From another perspective, the LiveCD will not be useful to users in a corporate setting, where IT policy may prevent computer terminals from booting from the CD-ROM drive. There are a couple of reasons why this may be the case:
- Booting from the disc will drop the terminal off the network, likely preventing any external internet access.
- It would be considered a major internal security breach for the network, and for that system in particular. The unknown tools that a boot disk may contain would be the primary concern for corporate IT departments, as they could allow the user to retrieve passwords, bypass local restrictions, modify system files, and have complete access to the local system.
For home users, using this disc means rebooting their system each time they want to access the bank's internet site. Tuning the CD to automatically detect a wider range of hardware increases the range of systems that the disk will operate on. However, because it is read only, there is limited scope to update or tune drivers so that it can be used on an unsupported system. The network connection will also need to be configured every time the user accesses the bank site. Most users would be hard pressed to recall the applicable dial-up, or ADSL / cable, configuration requirements for their particular ISP. Some ISPs continue to deny support to Linux / Unix installs, which will cause further problems for end users who seek ISP support for using the disk.
Should a Knoppix disk require updating, the bank will need to redistribute disks to all customers (which would be cost prohibitive), as it is pointless distributing a writeable LiveCD. For example, a vulnerability was recently identified in the Mozilla family of internet browsers (Mozilla, Firefox, Camino) which dumped the contents of sections of RAM to the web browser. Having a read only system will not stop someone from stealing internet passwords in this case. Testing of this vulnerability confirmed that login and password details could be grabbed, and that the attack could be completely invisible to the end user, requiring only that the user visit a website. Had LiveCDs been distributed to end users at this point, a complete redistribution would have been required, as the primary web browser is vulnerable to disclosure of sensitive information.
This is one of the major weak points of the system. Organised crime syndicates only need to identify clients of that particular financial institution and distribute a disk presented as an 'update'. Such a disk could carry customised hosts files that point to the syndicate's site of preference, set up either to act as a man in the middle or to imitate the banking site and intercept the login information before redirecting to the main banking site. Alternatively, the software tools on it could be vulnerable versions, and a rootkit could be installed which allows the syndicate full control of the computer even though the user is using the LiveCD.
Security is not achievable just using LiveCDs.
A better solution is the approach that a number of European banks use: a one time pad is used when the user logs in to the online banking site, which makes the login two factor authentication (something the user has, the one time pad, and something the user knows, the login password). The one time pad is a card that the user obtains from their bank, which has a set of unique passwords on it. Each time a password is used, it is crossed off and cannot be used again. This forces a thief to obtain the card in addition to the online login / password, which greatly restricts the geographic area in which the attack can be carried out.
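A sketch of how a bank's server could enforce the card scheme described above, as an added example that is not part of the original article and not any bank's actual code. The class and function names, the 8-digit code format and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class CardRecord:
    """What the bank stores for one customer: hashes only, never the codes."""

    def __init__(self, password, codes):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._unused = [self._kdf(c) for c in codes]

    def _kdf(self, secret):
        # Salted, slow hash so a stolen record does not reveal the secrets directly.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def remaining(self):
        return len(self._unused)

    def login(self, password, code):
        """Both factors must match; a code that is accepted is crossed off."""
        pw_ok = hmac.compare_digest(self._kdf(password), self._pw_hash)
        digest = self._kdf(code)
        match = [h for h in self._unused if hmac.compare_digest(h, digest)]
        if pw_ok and match:
            self._unused.remove(match[0])   # the server-side "crossing off"
            return True
        return False


def issue_card(password, n_codes=10):
    """Return (server record, codes to print on the customer's card)."""
    codes = set()
    while len(codes) < n_codes:             # a set guarantees no duplicate codes
        codes.add(f"{secrets.randbelow(10**8):08d}")
    codes = sorted(codes)
    return CardRecord(password, codes), codes


if __name__ == "__main__":
    record, card = issue_card("constructed-password", n_codes=3)
    print(record.login("constructed-password", card[0]))  # first use of a code
    print(record.login("constructed-password", card[0]))  # same code replayed
    print(record.remaining())
```

A password and code captured by a keylogger are rejected when replayed, because the server has already crossed that code off.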
The Esperanto Security suite offers authentication mechanisms ranging from single factor authentication, through to triple factor authentication (using a third party to verify the identity of the user), and is suited to application in the online financial environment.
11 April 2005