Q

Can secure USB devices prevent man-in-the middle attacks

Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks.

This Content Component encountered an error
I've heard about new devices that connect to USB ports and create a secure communication channel to online banking servers. Can this type of technology prevent man-in-the middle attacks, and will they become mainstream in the future?
I think this is a great idea. However, the devil is in the details. There can be outstanding implementations of this technology as well as bad ones. For example, if the session with the bank does not employ proper SSL certificate verification, it may still be possible to hijack the session via a man-in-the-middle attack.

I have also seen implementations of this technology where the only authentication is with the key. This is not an optimal approach; if someone has the key, an attacker can log in to your bank without a user ID or a password. The better implementations utilize the key along with an ID and password.

This was first published in April 2009
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

This Content Component encountered an errorThis Content Component encountered an error

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.
This Content Component encountered an error

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close