Got malware? Now you can bank online anyway

Got malware? Now you can bank online anyway

Summary: The CSIRO has developed a tool it says will prevent criminals snooping online communications, but hacking experts say the system is not foolproof.

SHARE:

The CSIRO has developed a tool it says will prevent criminals snooping on online communications, but hacking experts say the system is not foolproof.

The tool, dubbed the Trust Extension Device (TED), developed by the government research body, is a set of software tools loaded on to a portable storage device, which the CSIRO claims will allow online banking customers to create a quarantined desktop environment on computers that have been compromised by trojans, viruses or other malware.

"The TED is a set software components currently because it's implemented on a USB stick. It essentially starts a virtualisation machine. It's built on top of QEMU virtualisation software," TED's developer, Dr John Zic, research director of the CSIRO's Networking Technologies Laboratory.

"When you plug the device in, it then starts this virtualisation software, creating a separate bubble if you will -- an execution environment within which a small operating system starts up," he said.

The virtual operating system also contains a set of cryptographic functions as well as an e-mail client or banking client. Before it runs an application or allows a transaction to occur, the TED establishes trust with the remote enterprise server requiring both ends to prove their identities to each other.

Dr Zic also hopes to see the technology applied to secure communications in the healthcare sector.

"What we're proposing is an extension to that where you can have a whole group of people each with their own TED to start up their own secure collaboration environment," he said.

But not everyone is convinced by the technology because the virtualised environment still shares some components of a computer with the base operating environment.

"Because the virtualised environment comes up within that base operating system, a trojan is still able to capture screenshots, see what windows you're viewing, and see what numbers you're typing in with your Internet banking," Pure Hacking penetration tester Ty Miller told ZDNet.com.au.

"Keylogging may be a bit more difficult, but it depends on whether the host [base] operating system can detect the keystrokes that are being entered into the virtualised environment," he added.

Another question is whether the tool is a read-only device. If files can be written to the location of the operating system, the trusted environment can be also compromised, said Miller.

Nonetheless, over the next month the CSIRO will be seeking expressions of interest to commercialise the product.

Topics: Security, Banking, Emerging Tech, Hardware, Malware, Virtualization

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Not a panacea

    As a long-term QEMU fan and user, I'm delighted to hear that CSIRO have chosen it...

    ...but I simply don't agree with the opening sentence that this will "prevent" criminals snooping on on-line conversations. It will not.

    If the virtual machine is running in a compromised host operating system, then the guest operating system (the one inside the virtual machine) _must be considered compromised too_.

    You can't uncompromise a computer simply by launching a virtualisation layer on top of the compromise!
    anonymous
  • QEMU

    Hey, I had that idea last year. Have CSIRO been reading nz.comp and NZ blogs? I had this idea after discovering Puppy Linux which can be started from a batch file on top of Windows. Screen capture is no use to a trojan if all they get is a string of asterisks for your customer id and password.
    anonymous
  • Better solutions already commercialised

    As much as I've love to see an Australian invention being licenced by international security firms, the fundamental issue of financially motivated malware - ie: keyloggers was sorted out by Trend Micro last September.
    anonymous