Ask the Expert

Can secure USB devices prevent man-in-the middle attacks

I've heard about new devices that connect to USB ports and create a secure communication channel to online banking servers. Can this type of technology prevent man-in-the middle attacks, and will they become mainstream in the future?

    Requires Free Membership to View

I think this is a great idea. However, the devil is in the details. There can be outstanding implementations of this technology as well as bad ones. For example, if the session with the bank does not employ proper SSL certificate verification, it may still be possible to hijack the session via a man-in-the-middle attack.

I have also seen implementations of this technology where the only authentication is with the key. This is not an optimal approach; if someone has the key, an attacker can log in to your bank without a user ID or a password. The better implementations utilize the key along with an ID and password.

This was first published in April 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: