Gokul Blog — A conversation on VoIP, IMS, Cisco and Just about Anything

Deeper analysis of VoIP

Hacking Citibank’s Virtual Keyboard

Posted by tggokul on May 14, 2007

I have been using Citibank’s virtual keyboard for  last three and half years sometime now and have always been skeptical that this would actually make my transactions secure. A security researcher in India has vindicated my beliefs. I am by no standards a smart hacker, but even I knew that if you can run any of the ‘N’ number of applications that can decode the string in the textbox, you can get the password for that account.

Let me explain how the virtual keyboard works. Every time you type in your account number, a virtual keyboard is presented that lets you click the digits of your password. These digits go in an encrypted form to the textbox that is present in that screen. And when you press enter you are allowed to login.

My friend and I have actually tried out an application which just essentially requires you to just point your mouse to that textbox and voila you get the actual password. So trust me, we knew this was pretty insecure, but we didn’t care since I knew the hackers wouldn’t be too interested in my bank account considering I don’t own a whole lot 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: