
ABN AMRO e.dentifier2

Source publication: [CPPR14]

Tag: security

Description

The e.dentifier2 is a hand-held smart card reader with a small display, a numeric keyboard, and OK and Cancel buttons. Customers of the Dutch ABN AMRO bank use it for Internet banking in combination with a bank card and a PIN code. The authors of [CPPR14] showed that model learning can be used successfully to reverse engineer the behavior of the e.dentifier2, using a Lego robot to operate the devices. The Mealy machines that are automatically inferred by the robot reveal a security vulnerability in the e.dentifier2 that was previously discovered by manual analysis, and confirm the absence of this flaw in an updated version of the device.