Shmoocon 2011 talk: Defeating mTANs for Profit

By Guillaume Lovet | January 27, 2011

Tomorrow marks the start of Shmoocon, the quite famous (and ever sold-out) security conference, held in Washington DC until Sunday. This year's keynote will be given by Peiter "Mudge" Zatko, inventor of L0phtcrack and early pioneer of buffer overflows.

Among the talks filling the three-track program (Build it / Break it / Bring it on), we're glad to find our Crypto Girl, Axelle, who will present a paper she co-wrote with Kyle Yang (another regular poster on this blog) on the infamous mobile phone malware Zitmo, which we discovered (simultaneously with Spanish company S21sec) and named last September.

Zitmo stands for "ZeuS in the Mobile". This offspring of the gang behind the infamous banking credential theft kit named "ZeuS" has the interesting peculiarity of attacking so-called "mTANs" (mobile Transaction Authentication Numbers), which many banks send as SMS messages to serve as a second authentication factor when customers want to initiate a financial transaction online.

Axelle will elaborate on the details during the preso, so if you're around, make sure you attend!