[33C3 preroll music]

Herald: Next talk is gonna be “Shut up and take my money” by Vincent Haupert. Vincent is a research associate at the security research group of the Department of Computer Science at Friedrich-Alexander-Universität in Erlangen, Nürnberg, Germany. Typical, very long German word. His main research interests are authentication, system security and software protection of mobile devices. It’s actually Vincent’s second time speaking at the Congress. Last year’s talk discussed conceptual insecurity of app-generated passwords in online banking. This year he will discuss the practical aspects and some successful hacks that, if I recall correctly, took over entire bank accounts from users’ mobile apps. With that, Vincent, over to you.

[applause]

Vincent Haupert: Hello again, thanks for the warm welcome, and let’s dive right into it because we have a tough program.
Okay. First of all, online banking is something that affects us all, because virtually everybody uses it. In traditional online banking, we use two devices. One to initiate our payments – and to log in with user name and password – and another device to confirm transactions. With the rise of mobile devices, app-based confirmation procedures became popular, like this app there. In the recent past, what I have been talking about last year, it became popular to implement those two devices in two apps. That means you only have one single device and have two apps now to authenticate transactions. Last year I showed that this has severe conceptual drawbacks. But this is not the end of it. The latest evolution in online banking is now one-app authentication models. I already said this last year: Actually, it doesn’t make so much difference.
So banks are no longer pretending to have real two-factor authentication. It’s now clear that it’s just one, so you do the transaction initialization inside the app and the confirmation is just another dialog inside the app. This time I want to talk about N26, the shining star on the German FinTech sky. Actually, this time I’m only going to be talking about technical issues. It’s clear that we have similar conceptual problems as with two-app authentication, but I will focus on technical issues because we have enough of this there. Briefly about N26: N26 is a Berlin-based, “Mobile First” FinTech and it plans to establish your smartphone as your financial hub for everything, so that you do literally everything from inside the app. Actually it was only founded in 2013, it started in 2015 with their app and it already has over 200,000 customers, which is astonishing, actually. It now also has its own European banking license.
That was only, I think, half a year ago; and it announced not even one month ago that it’s now available in 17 European countries. And they also claim that you can open a bank account in just eight minutes. As it turns out you can lose it even faster.

[laughter]

Okay, let’s talk briefly about transaction security in the Number 26 app. If you want to do a transaction, you at first need to log in. This works with your user name, in this case it’s just your email address, and your password. This is pretty standard. Afterwards you are good to initiate a transaction. After you have entered all the details you also have to supply a transfer code. This is just a four-digit number, you use this also to withdraw cash. Probably you would call this ‘PIN’. The last factor in this authentication scheme is your paired phone. This is actually the most important security feature of the N26 account, and you can only pair one smartphone with your N26 account.
That means, from a technical perspective, the N26 app, the very first time you start it, generates an RSA key pair and sends the public key to the N26 backend. And whenever you initiate a transaction they are going to send an encrypted challenge to your smartphone and you send it back decrypted. That’s how it works. Actually, re-pairing, that means pairing another phone, is a pretty well secured process, but we will talk about this later. Just to talk about the infrastructure of N26: basically they have two apps, one for iOS, one for Android, and they communicate over a JSON-based protocol, TLS encrypted. The backend is at api.tech26.de. How do I know, actually, that this is a JSON-based protocol: because I used a TLS man-in-the-middle attack to log the protocol. I only needed to install a certificate, the MITM proxy certificate, on the client, but actually I was surprised that I didn’t need to touch the client, because they didn’t implement any certificate pinning.
[applause]

So that means, the first thing that comes to mind is like: Let’s do real-time transaction manipulation. That means we manipulate a transaction that the user does, but we will change the recipient and the user won’t see anything about this. So if we look at this graphic again, what if an attacker could get the DNS record of api.tech26.de under his control? This would mean that all traffic is routed over the man-in-the-middle attacker server and, as there is no certificate pinning, we could just issue a Letsencrypt TLS certificate and the app is going to trust the certificate. How does this work? Let’s take an example here. Let’s imagine I want to transfer 2 Euro to my friend Dominik. After I entered all the transaction details I have to enter my transfer code, too. When I did this I get like the second factor where you need the paired device and I need to confirm it. This is just like the next dialogue inside the app. After I confirmed it, the transaction went through, everything looks good.
2 Euro less on my account, pretty good. In the next step you can see in your transaction overview too, that there are 2 Euro less. But after the attack, when N26 realized that something wrong was going on and they fixed it, you will realize that we actually transferred 20 Euro, not 2. But this was completely transparent for the user even after the attack. Okay, this is nice. We can manipulate a transaction in real time, but wouldn’t it be even more interesting to take over entire accounts to do our own transactions? For this, we need the login credentials, the transfer code and the paired phone. So we need to obtain all of them. Let’s start with the login credentials. Actually, I want to assume that the login credentials are already compromised. But there are some weak points in the security system of the N26 transactions that make it an easier task to obtain those login credentials.
There are two things I want to talk about. The first thing is the recovery-from-loss procedure. When you forget your password, N26 just sends an email to your email account. There is a link inside, you click it and you can just reset your password. This breaks the N26 password policy, which is actually pretty solid, because if you have access to the email account, you automatically have access to the N26 account, too, and the access to the email account could be as bad as “password” or “123456”. Another idea is spear phishing. Think of spear phishing like a more targeted version of phishing. What you always need for phishing is a similar domain, something the user can relate to. And if you want to make spear phishing you want to have it more targeted. That means you want to expose N26 customers, so only send out mails to them. And you need to have a valid reason to contact them. About the domain: usually N26 uses number26.de; and for password resets e.g. number26.tech. Sounds pretty valid in my eyes.
Only by chance I happen to own that domain. [laughter] The next thing is exposing N26 customers. N26 offers peer to peer transactions, that means if your recipient also has an N26 account, those transactions are instant. To show the N26 customer which of his contacts actually have an N26 account, they upload all of the email addresses, all of the phone numbers in your address book to the N26 backend. Unhashed.

[applause]

But we actually want to use this to identify customers of a given dataset. We can actually abuse this API for that. Do you remember the recent Dropbox leak that revealed 68 million accounts? We evaluated all of those 68 million email accounts against this API and N26 took no notice of this. There were no limits applied. They just think I’m really popular. [laughter]

[applause]

In the end, we revealed 33,000 N26 customers and could now send out e-mails to them. Actually, this also provides a valid reason to contact them.
E.g. the usual e-mail of N26 looks somehow like this. So we could say to them: “Hey, you are affected by the Dropbox leak, please change your password for your own security. Click this link to change your password.” Now I can already see the N26 management board nervous, but don’t worry, we didn’t do this. My professor had legal concerns.

[laughter]

Now that we have the login credentials, we have to wonder: Can we already do something with those login credentials? And this brings me to Siri transactions. With iOS 10 N26 now supports transactions using Siri. That means now you can just say: “Send 5 Euro to Dominik Maier using N26”, then the transaction pops up and you can say: “Send it” and afterwards it’s gone. The app doesn’t even open. So this already sounds wrong, [laughter] …but you can only do this with the paired device. If you use another phone and just log in and try to use Siri with this, this dialogue appears and you really have to open the app and have to confirm it with the paired phone.
As it turns out, this is just a client feature.

[laughter]

This is actually the entire payload you need. It’s just like “5 Euro to Dominik Maier”, and there is the phone number. And look at this API endpoint, ‘/transactions/unverified’. So it turns out you don’t need the paired phone to do this type of transaction.

[applause]

Yet another thing that’s interesting is that N26 claims that they have some intelligent algorithms to immediately detect irregularities and prevent fraud before it even occurs. So we thought: “Challenge accepted!”

[laughter and applause]

And what we actually did, and I think this is pretty irregular, we sent 2000 Siri transactions worth 1 Cent within 30 minutes.

[laughter]

Try to speak that fast. Ok. And so what happened? Like we waited the next day and the day after, nobody actually made contact with us, and we thought they would never actually make contact.
But over three weeks later N26 required Dominik to explain the “unusual amount” of transactions. Okay, they even threatened to cancel his account. I mean, this is actually… it’s reasonable because it’s a clear misuse of the account and it violates their Terms of Service. But Dominik didn’t send those transactions, he received them!

[laughter]

They contacted the wrong person! This is kind of like if Gmail cancels your account because you received spam!

[loud laughter]

[applause]

Okay, let’s go back to the account hijacking. And the next thing we need to obtain is the transfer code and get control over the paired phone. What we will do: with the transfer code we will try to reset it; and the paired phone we have to un-pair. Actually, those processes are not as independent as it seems. So I will start right with the paired phone.
As I said in the beginning, un-pairing is actually a highly-secured process and I mean, this is my serious opinion. So let’s look at the process. At first, when you want to pair a new phone, like I said, you need to un-pair the existing one. Therefore, you open the app, then you click on “Un-pair” and afterwards they send a link to your email account. Then, in the e-mail you need to follow the un-pairing link. In the next step the real un-pairing process starts, where you have to enter your transfer code first, then your MasterCard ID. This is something that is kind of special for N26, like, every N26 account comes with a MasterCard, and they have printed a 10-digit numerical token below your name. I don’t know what this actually is, it’s not the PAN, it’s not the credit card number but some other sort of token. So you need to have the Mastercard, actually. And in the last step they’re going to send an SMS to you with a token, and you have to enter it. And only after this process the un-pairing is done. So that means we need to have access to the e-mail account.
We need to know the transfer code. We need to have the Mastercard and we need to own the SIM card in order to receive the token. You can’t screw up each of those.

[laughter and applause]

Okay. Let’s go into it. So, the first thing: when you actually click on that item in your app where it says “Start un-pairing” it sends – this is basically an HTTP GET request but you wouldn’t believe that they send the link as a response. So – it’s not this plate (?) but it’s there. So you don’t need to have access to the e-mail account because it’s in the response. [laughs]

[laughter]

Okay. Next thing. The transfer code – I actually will skip this for the moment and we’ll get right back to this. But the next thing is actually the Mastercard ID. And this ID is printed on the card, and we don’t have access to that card. So what will we do? In the transaction overview N26 shows a lot of properties, e.g. the amount, the beneficiary, whatever.
And it turns out that this… [laughter and turmoil] that they used this Mastercard ID, they thought: “Oh, this is actually a nice ID, let’s use it as a prefix”. So, again, this is not displayed to the user inside the app but it’s clearly there in the API. It’s way too verbose. So…

[applause]

Okay. Whenever… the step that I just skipped was this transfer code. The transfer code is unknown. But you can reset the transfer code. And it is – as it turns out – what you need to reset the transfer code is the Mastercard ID. [laughs]

[laughter and applause]

So you need to enter this Mastercard ID, that I just told you how we will get, and then we just will confirm our new transfer code. Think of one, I don’t know. Any code. And therefore we don’t need to know the transfer code. Not even the old one, because it’s not required. The Mastercard ID is sufficient. Then. The last step. SMS. The SIM card is inaccessible.
We don’t have access to that phone. But this is a 5-digit token that they send out and it’s only numbers. I mean this is 100,000 possibilities. And even though the login procedure, the login form, has a brute-force protection, this doesn’t have any brute force protection. So…

[laughter]

…the maximum that I could get out of the backend was 160 requests per second!

[laughter]

So this means… [laughs]

[applause]

So that means that it takes on average approx. 5 minutes to get this token. In the end we will just brute-force it and that’s it. Okay. That’s…

[laughter]

Let’s look if this really works. At first we will log in to the app just to see that it’s paired. And if it wouldn’t be paired we would know, like, see a dialogue that we should pair our phone. So now it opens. Great. And now we will start our script. And N26 claimed that this attack doesn’t scale, just don’t blink!
[exhales sharply]

So those are the login credentials [laughter] …that will do all the fun. And actually, everything already happened, it’s just the brute-forcing that now takes place. And I have to admit that I have been really lucky this time because we are done now. [laughter] So this is the response, now the SMS numeric token is valid, and the phone has been successfully un-paired. Okay, now let’s verify in the app… if this really worked? So let’s open it again. Touch-ID expired, so this is actually good. That means that something happened. Let’s log in with our password. And there it prompts us for pairing the phone. So it worked.

[applause]

Yeah… [laughter]

This… even though I said that this attack really scales very well, it has a drawback. Because three mails are sent out to the user. The first one when you actually start the un-pairing, the second one when you reset the transfer PIN and the third one when the un-pairing is successful.
And the user also receives Dialogue: 0,0:22:02.15,0:22:08.20,Default,,0000,0000,0000,,an SMS. But I mean fraud is perfectly\Npossible. But is there a possibility Dialogue: 0,0:22:08.20,0:22:14.55,Default,,0000,0000,0000,,to avoid this? Let’s try to call\Nthe customer support. Dialogue: 0,0:22:14.55,0:22:19.85,Default,,0000,0000,0000,,The customer support is actually the most\Npowerful entity in the N26 security model. Dialogue: 0,0:22:19.85,0:22:23.46,Default,,0000,0000,0000,,Because they can even change things\Nyou can’t change inside the app. Dialogue: 0,0:22:23.46,0:22:27.26,Default,,0000,0000,0000,,E.g. your email address, or name\N– you cannot change. Dialogue: 0,0:22:27.26,0:22:32.95,Default,,0000,0000,0000,,But they can. So let’s talk with them.\NThey can… it turns out they can also Dialogue: 0,0:22:32.95,0:22:38.37,Default,,0000,0000,0000,,un-pair phones. So now the question arises\Nof course you cannot just call there Dialogue: 0,0:22:38.37,0:22:42.03,Default,,0000,0000,0000,,and say: “Hey, my name is Vincent,\Nplease un-pair my phone.” Of course they Dialogue: 0,0:22:42.03,0:22:47.24,Default,,0000,0000,0000,,are going to authenticate you. And what…\N{\i1}loud laughter{\i0} Dialogue: 0,0:22:47.24,0:22:53.12,Default,,0000,0000,0000,,…and what will they ask? They will ask\Nfor the Mastercard ID. We know that. Dialogue: 0,0:22:53.12,0:22:56.41,Default,,0000,0000,0000,,The current account balance is always\Navailable if you have the login credentials. Dialogue: 0,0:22:56.41,0:23:00.54,Default,,0000,0000,0000,,Okay. There’s one thing that is\Nstill missing. Place of birth. Dialogue: 0,0:23:00.54,0:23:05.59,Default,,0000,0000,0000,,It’s always the same.\N{\i1}laughter{\i0} Dialogue: 0,0:23:05.59,0:23:11.50,Default,,0000,0000,0000,,It’s, again, you can’t see this information\Ninside the app. It’s just not displayed. Dialogue: 0,0:23:11.50,0:23:14.34,Default,,0000,0000,0000,,But it’s there. There’s so much\Ninformation you can’t think of. 
Dialogue: 0,0:23:14.34,0:23:19.78,Default,,0000,0000,0000,,Really, they know more about me than I do.\N{\i1}laughter{\i0} Dialogue: 0,0:23:19.78,0:23:23.85,Default,,0000,0000,0000,,Now that means we have all information\Navailable, and we can change any data. Dialogue: 0,0:23:23.85,0:23:28.23,Default,,0000,0000,0000,,And the user won’t receive any notice\Nof that. So no email, nothing. Dialogue: 0,0:23:28.23,0:23:32.39,Default,,0000,0000,0000,,So we can just un-pair the phone,\Nand later we can pair our own one, Dialogue: 0,0:23:32.39,0:23:36.46,Default,,0000,0000,0000,,or… this is perfectly stealth. Dialogue: 0,0:23:36.46,0:23:42.50,Default,,0000,0000,0000,,Now actually I heard already: “Ah,\NI only got 50 Euro on my account, Dialogue: 0,0:23:42.50,0:23:46.61,Default,,0000,0000,0000,,why should I care?” Dialogue: 0,0:23:46.61,0:23:52.02,Default,,0000,0000,0000,,This is actually a valid argument because\Nmany N26 accounts are opened out of Dialogue: 0,0:23:52.02,0:23:58.56,Default,,0000,0000,0000,,curiosity, and many are inactive, or not\Nused seriously, that means you only use it Dialogue: 0,0:23:58.56,0:24:02.59,Default,,0000,0000,0000,,for travelling or paying things online\Nbecause of the conditions. Dialogue: 0,0:24:02.59,0:24:06.92,Default,,0000,0000,0000,,But you don’t use it as the salary account\Nso there is frequently not so much money Dialogue: 0,0:24:06.92,0:24:13.74,Default,,0000,0000,0000,,in it. But as this wants to be the\Nfinancial hub for all the services Dialogue: 0,0:24:13.74,0:24:19.85,Default,,0000,0000,0000,,you of course can also apply for an\Noverdraft. And this is an instant overdraft Dialogue: 0,0:24:19.85,0:24:25.11,Default,,0000,0000,0000,,that is granted during two minutes.\NAnd it’s between… you have guaranteed Dialogue: 0,0:24:25.11,0:24:32.10,Default,,0000,0000,0000,,50 Euro and up to 2000. This requires\Nthe paired device. What did we just do? 
Dialogue: 0,0:24:32.10,0:24:35.20,Default,,0000,0000,0000,,We have the paired device.\NWe have the entire account. Dialogue: 0,0:24:35.20,0:24:39.16,Default,,0000,0000,0000,,So what do we do?\NWe will just hijack the account Dialogue: 0,0:24:39.16,0:24:43.56,Default,,0000,0000,0000,,then we apply for an overdraft,\Nand then we will take all the money Dialogue: 0,0:24:43.56,0:24:47.35,Default,,0000,0000,0000,,he has as a balance\Nand as an overdraft. Dialogue: 0,0:24:47.35,0:24:50.47,Default,,0000,0000,0000,,So even if you don’t have money\Non your account and think you’re safe Dialogue: 0,0:24:50.47,0:24:54.78,Default,,0000,0000,0000,,you are not.\N{\i1}laughs{\i0} Dialogue: 0,0:24:54.78,0:25:02.48,Default,,0000,0000,0000,,Okay. This was quite a bit, something.\NI want to talk briefly about disclosure Dialogue: 0,0:25:02.48,0:25:07.03,Default,,0000,0000,0000,,before I will draw my conclusion. Dialogue: 0,0:25:07.03,0:25:12.72,Default,,0000,0000,0000,,I reported all these issues to N26 on\NSeptember 25. I didn’t establish Dialogue: 0,0:25:12.72,0:25:16.50,Default,,0000,0000,0000,,the contact, this was the CCC.\NThank you for that. Dialogue: 0,0:25:16.50,0:25:22.24,Default,,0000,0000,0000,,I did this because I didn’t know how N26\Nwould react to this kind of vulnerabilities. Dialogue: 0,0:25:22.24,0:25:26.35,Default,,0000,0000,0000,,But, actually, there was no reason\Nto think so. Because they acted Dialogue: 0,0:25:26.35,0:25:31.65,Default,,0000,0000,0000,,really professional. And they were\Nactually thankful that I revealed Dialogue: 0,0:25:31.65,0:25:34.93,Default,,0000,0000,0000,,these vulnerabilities. Dialogue: 0,0:25:34.93,0:25:45.49,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:25:45.49,0:25:49.94,Default,,0000,0000,0000,,Then, afterwards, they started\Nto incrementally fix the issues. Dialogue: 0,0:25:49.94,0:25:54.52,Default,,0000,0000,0000,,I don’t know when they fixed the first\Nthing. I didn’t monitor the process. 
Dialogue: 0,0:25:54.52,0:25:58.04,Default,,0000,0000,0000,,But the last fix I know of happened on\NDecember 13 when they implemented Dialogue: 0,0:25:58.04,0:26:02.76,Default,,0000,0000,0000,,certificate pinning on iOS. And,\Napparently, I have to say that Dialogue: 0,0:26:02.76,0:26:10.02,Default,,0000,0000,0000,,I didn’t check everything. But\Napparently all issues are resolved. Dialogue: 0,0:26:10.02,0:26:15.39,Default,,0000,0000,0000,,But what are the consequences out of\Nthis? It is obvious that N26 needs to put Dialogue: 0,0:26:15.39,0:26:22.79,Default,,0000,0000,0000,,more emphasis on security. It’s important\Nto notice that this wasn’t a coincidence. Dialogue: 0,0:26:22.79,0:26:27.73,Default,,0000,0000,0000,,It simply wasn’t! And N26 needs to\Nunderstand that it’s not enough to release Dialogue: 0,0:26:27.73,0:26:31.34,Default,,0000,0000,0000,,videos with caption “mobile first meets\Nsafety first” and to claim that security Dialogue: 0,0:26:31.34,0:26:39.77,Default,,0000,0000,0000,,is of paramount importance of them.\NSo PR shouldn’t do your security. Dialogue: 0,0:26:39.77,0:26:45.36,Default,,0000,0000,0000,,It’s funny: If you visit the N26 home page\Nyou will find out that they currently have Dialogue: 0,0:26:45.36,0:26:53.20,Default,,0000,0000,0000,,44 open positions. Not even one\Nis dedicated to security. Dialogue: 0,0:26:53.20,0:26:56.69,Default,,0000,0000,0000,,Furthermore, with such a strategy\NFinTechs squander the trust Dialogue: 0,0:26:56.69,0:27:01.42,Default,,0000,0000,0000,,in financial institutions that banks\Nestablished over years, actually. Dialogue: 0,0:27:01.42,0:27:06.61,Default,,0000,0000,0000,,Today you usually trust in your bank\Nthat they will deal with your money Dialogue: 0,0:27:06.61,0:27:11.75,Default,,0000,0000,0000,,responsibly. And in the end you also\Nneed to question authorities. I mean Dialogue: 0,0:27:11.75,0:27:18.78,Default,,0000,0000,0000,,it was BaFin that granted a banking\Nlicense to N26 only six months ago. 
Dialogue: 0,0:27:18.78,0:27:26.50,Default,,0000,0000,0000,,And, really, those vulnerabilities\Nare in sight for longer time. Dialogue: 0,0:27:26.50,0:27:32.19,Default,,0000,0000,0000,,Okay. I think, like… résumé for this is: Dialogue: 0,0:27:32.19,0:27:36.41,Default,,0000,0000,0000,,you shouldn’t say “Works for me”\Nwhen it’s about security. Dialogue: 0,0:27:36.41,0:27:38.94,Default,,0000,0000,0000,,So, thank you! Dialogue: 0,0:27:38.94,0:27:59.24,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:27:59.24,0:28:05.51,Default,,0000,0000,0000,,Herald: Thank you Vincent. That was\Nawesome. And also kind of fucking scary. Dialogue: 0,0:28:05.51,0:28:09.82,Default,,0000,0000,0000,,We only have a short time for questions.\NIs there anybody who has a question Dialogue: 0,0:28:09.82,0:28:18.95,Default,,0000,0000,0000,,for Vincent? Dialogue: 0,0:28:18.95,0:28:22.97,Default,,0000,0000,0000,,No, I guess everybody is out\Ndeleting banking apps. Dialogue: 0,0:28:22.97,0:28:26.76,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:28:26.76,0:28:31.73,Default,,0000,0000,0000,,Oh, number 6! Dialogue: 0,0:28:31.73,0:28:35.80,Default,,0000,0000,0000,,Question: Quick question. Dialogue: 0,0:28:35.80,0:28:40.43,Default,,0000,0000,0000,,Do you know whether they\Nhave disallowed those apps Dialogue: 0,0:28:40.43,0:28:44.37,Default,,0000,0000,0000,,that have not yet been updated\Nto still manage their bank account? Dialogue: 0,0:28:44.37,0:28:49.89,Default,,0000,0000,0000,,So e.g. if someone has a mobile app\Nthat has not yet been updated Dialogue: 0,0:28:49.89,0:28:52.75,Default,,0000,0000,0000,,to the version that includes certificate\Npinning would that person Dialogue: 0,0:28:52.75,0:28:55.10,Default,,0000,0000,0000,,still be vulnerable to\Nman-in-the-middle attacks? Dialogue: 0,0:28:55.10,0:28:56.53,Default,,0000,0000,0000,,Vincent: Yes. 
Dialogue: 0,0:28:56.53,0:28:59.64,Default,,0000,0000,0000,,{\i1}laughter{\i0}\N{\i1}laughs{\i0} Dialogue: 0,0:28:59.64,0:29:03.91,Default,,0000,0000,0000,,Actually they don’t have so much of an\Nidea which device you are using. Dialogue: 0,0:29:03.91,0:29:10.97,Default,,0000,0000,0000,,They don’t even know which is the paired\Ndevice! This is only a client value. Dialogue: 0,0:29:10.97,0:29:14.50,Default,,0000,0000,0000,,Herald: Do two more,\Nit’s a guy here on number 1. Dialogue: 0,0:29:14.50,0:29:18.43,Default,,0000,0000,0000,,Question: Thanks for the talk. Did they\Nactually invite you to help them Dialogue: 0,0:29:18.43,0:29:22.54,Default,,0000,0000,0000,,or give your talk at N26?\NHave they been in contact with you? Dialogue: 0,0:29:22.54,0:29:26.97,Default,,0000,0000,0000,,Vincent: Yes, we have been in contact and\NI also visited them and gave a workshop, Dialogue: 0,0:29:26.97,0:29:29.00,Default,,0000,0000,0000,,so yeah, they… Dialogue: 0,0:29:29.00,0:29:32.79,Default,,0000,0000,0000,,{\i1}laughter and applause{\i0} Dialogue: 0,0:29:32.79,0:29:34.32,Default,,0000,0000,0000,,Question: Are you serious? Dialogue: 0,0:29:34.32,0:29:39.44,Default,,0000,0000,0000,,Vincent: I am serious, yes!\N{\i1}ongoing applause{\i0} Dialogue: 0,0:29:39.44,0:29:42.19,Default,,0000,0000,0000,,Herald: And we do one last,\None here, from number 5, please. Dialogue: 0,0:29:42.19,0:29:45.12,Default,,0000,0000,0000,,Question: So during your talk you\Nname-dropped Letsencrypt, and Dialogue: 0,0:29:45.12,0:29:48.33,Default,,0000,0000,0000,,you kind of glossed over that bit, about\Ngetting them to issue a certificate Dialogue: 0,0:29:48.33,0:29:53.19,Default,,0000,0000,0000,,for their API host name.\NDo you know something I don’t? 
Dialogue: 0,0:29:53.19,0:29:55.75,Default,,0000,0000,0000,,Vincent: Ehm, the question, again?\NI don’t… Dialogue: 0,0:29:55.75,0:29:59.53,Default,,0000,0000,0000,,Question: So you mentioned getting\Na Letsencrypt certificate to impersonate Dialogue: 0,0:29:59.53,0:30:02.45,Default,,0000,0000,0000,,their API host name, because they\Nweren’t using certificate pinning. Dialogue: 0,0:30:02.45,0:30:04.77,Default,,0000,0000,0000,,How did you go by doing that? Dialogue: 0,0:30:04.77,0:30:07.50,Default,,0000,0000,0000,,Vincent: But I didn’t do.\NThis, like, was a scenario. Dialogue: 0,0:30:07.50,0:30:15.50,Default,,0000,0000,0000,,That’s an attack scenario. I didn’t hijack\Nthe DNS record, okay, sorry. Dialogue: 0,0:30:15.50,0:30:16.97,Default,,0000,0000,0000,,{\i1}laughs{\i0} Dialogue: 0,0:30:16.97,0:30:19.51,Default,,0000,0000,0000,,Question: Thank you. Dialogue: 0,0:30:19.51,0:30:22.03,Default,,0000,0000,0000,,Herald: Alright. Thanks everybody for\Njoining. And get a big round of applause Dialogue: 0,0:30:22.03,0:30:23.61,Default,,0000,0000,0000,,here for Vincent! Dialogue: 0,0:30:23.61,0:30:27.26,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:30:27.26,0:30:32.24,Default,,0000,0000,0000,,{\i1}postroll music{\i0} Dialogue: 0,0:30:32.24,0:30:50.98,Default,,0000,0000,0000,,{\i1}Subtitles created by c3subtitles.de\Nin the year 2017. Join and help us!{\i0}