Revision as of 12:01, 4 April 2016 edit Dewritech (talk \| contribs) Extended confirmed users, New page reviewers, Rollbackers 175,296 edits →Software implementations: clean up, typo(s) fixed: Indeed → Indeed, using AWB ← Previous edit		Revision as of 20:54, 17 June 2016 edit undo 83.85.109.229 (talk) →Vulnerabilities Next edit →
Line 42: ==Vulnerabilities== Cambridge University researchers Saar Drimer, [[Steven Murdoch]], [[Ross J. Anderson\|Ross Anderson]] conducted research<ref name="cambridge">[http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf Optimised to fail: Card readers for online banking]</ref> into the implementation of CAP, outlining a number of vulnerabilities in the protocol and the UK variant of both readers and cards. Numerous weaknesses were found. [[Radboud University]] researchers found a vulnerability in the Dutch [[ABN AMRO]] e.dentifier2, allowing an attacker to command a [[USB]] connected reader to sign malicious transactions without user approval.<ref name="radboud">[http://www.cs.ru.nl/~rverdult/Designed_to_Fail_A_USB-Connected_Reader_for_Online_Banking-NORDSEC_2012.pdf Designed to Fail: A USB-Connected Reader for Online Banking]</ref> ==Users==

Chip Authentication Program: Difference between revisions