Attacking Audio One Time Passwords at 1100Hz

Presented at Kiwicon 6: The Con of the Beast (2012), Nov. 18, 2012, 9:45 a.m. (30 minutes)

Audio one time passwords systems are commonly used in mobile banking / finance systems in developing countries to leverage the high levels of not-smart mobile phone ownership in rural areas. The research described in this talk employs; signal processing, audio plugins, phreaking concepts, cryptanalysis and war dialling, to develop a methodology for analysis and implement an attack against audio one time password systems.

Presenters:

• Shingirayi Padya
  Shingi also works for AIS, and when not plotting how to take over African telcos, spends most of his days pentesting.
• Graeme Neilson
  Graeme is a security researcher for Aura Information Security (AIS) in New Zealand. He has talked at security conferences around the globe including BlackHat, CanSecWest, and H2HC on topics such as developing rootkits for firewalls and the security implications of quantum cryptography.

Links:

• https://2012.kiwicon.org/the-con/talks/#e53

Similar Presentations:

• CanSecWest 2022 / Bad ALAC: One codec to hack the whole world
• Notacon 1 (2004) / Musical recording technique and practice
• DEF CON 15 (2007) / Real-time Steganography with RTP