full text in PDF format, German version

Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System

ChipTAN comfort is a new system which is supposed to securely authorise online banking transactions by means of a trusted device. It is assumed that chipTAN comfort specifically protects against man-in-the-middle attacks. Such attacks are currently putting bank customers who are using the iTAN system at risk. RedTeam Pentesting examined chipTAN comfort and showed that even when using this system, man-in-the-middle attacks can compromise online banking security.

Full Text

• English: “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System”
• German: “Man-in-the-Middle-Angriffe auf das chipTAN comfort-Verfahren im Online-Banking”.

Related Information

• Press Release (German)
  Online-Banking: Erfolgreicher Angriff gegen chipTAN comfort-Verfahren (PDF-Version)
• Advisory from 2005 regarding iTAN:
  New banking security system iTAN not as secure as claimed
• Press Release from 2005 regarding iTAN (German):
  Forschungsgruppe „RedTeam” der RWTH Aachen warnt vor trügerischer Sicherheit des neuen iTAN Verfahren.
• Bundeskriminalamt (Germany’s Federal Criminal Police Office):
  Kernaussagen zur IuK-Kriminalität 2008 (German)