IBM develops 'security on a stick'

News by SC Staff

IBM is developing a device that allows for the protection of online banking transaction.

IBM is developing a device that allows for the protection of online banking transaction.


The ‘security on a stick' will allow customers to protect their transactions when plugging into various computers. It will also search the computer to check whether Trojan downloaders are trying to steal funds from the users account.


Officially called the ‘Zone Trusted Information Channel' due to it setting up a secure channel to an online banking site supporting it, when plugged into any computer it creates an TLS/SSL-based channel to a banking server.


It also acts as a proxy program that lets the user connect over the Internet to the bank's server, and makes visible to the user exactly what is transmitted over this channel to the bank.


Senior researcher Michael Baentsch claimed that it is currently at a prototype stage and being tested in a few trials in Europe. He said: “The stick is the secure communication endpoint, what the stick sees, the server gets.


“It doesn't prevent a man-in-the-middle attack on the PC, but it makes them visible. So after logging on, if a banking customer intended to complete a certain transaction but saw that inexplicably there was different information about to be transferred - perhaps through a trick of a Trojan on the machine - that action could be stopped.


“The user can say ‘no', this isn't what I intended. The device doesn't detect or eradicate the Trojan itself, but does give users a better chance at thwarting malware-based attacks - if they're paying attention to what they're doing by checking the window of protection provided by the Zone Trusted Information Channel.”



Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews