IBM researchers have come up with a small device they like to call "security on a stick" for use in online banking so customers plugging into any computer can protect transactions and find out if Trojan malware is trying to steal funds.
Created in IBM's Zurich Research Lab]], the "security on a stick" is still a prototype and being tested in a few trials in Europe, says Michael Baentsch, a senior researcher there. IBM, which unveiled the device Wednesday, officially calls it the "Zone Trusted Information Channel" because the little USB-based device works to set up a secure channel to an online banking site supporting it.
"The stick is the secure communication endpoint," says IBM researcher Michael Baentsch. "What the stick sees, the server gets."
When the device is plugged into any computer, it creates an TLS/SSL-based channel to a banking server. But beyond that, it also acts as a proxy program that lets the user connect over the Internet to the bank's server, and makes visible to the user exactly what is transmitted over this channel to the bank.
"It doesn't prevent a man-in-the-middle attack on the PC, but it makes them visible," Baentsch says. So after logging on, if a banking customer intended to complete a certain transaction but saw that inexplicably there was different information about to be transferred -- perhaps through a trick of a Trojan on the machine -- that action could be stopped.
"The user can say 'no,' this isn't what I intended," Baentsch says.
The device doesn't detect or eradicate the Trojan itself, but does give users a better chance at thwarting malware-based attacks -- if they're paying attention to what they're doing by checking the window of protection provided by the Zone Trusted Information Channel. IBM, which hasn't announced general availability of the device yet, says it's a way for banking customers to validate online transactions in an era when malware bank Trojans have become prevalent.