1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
Examples
Recent mass-scale attacks to steal passwords.
FlashCrest, iSpy
EuroGrabber

Counter Measures
Use asymmetric crypto, e.g. FIDO
Use TEE or SE based key protection.
Use HW based user verification.
Use Transaction Confirmation with TEE based Transaction Display.
Use SE based key protection.
Use robust & spoofing resistant user verification.