Fool us Once, fool us twice: Hacking Norwegian Banks

Per Thorsheim

DEF CON 32 · Day 1 · Creator Stage

In a revealing presentation at DEF CON 32, security expert Per Thorsheim, joined by Cecilia, exposed a critical vulnerability within Norway's highly digitized banking system. Their talk, "Fool us Once, fool us twice: Hacking Norwegian Banks using paper ID," delved into how a seemingly innocuous legacy process—the paper-based Power of Attorney (PoA)—could entirely bypass the sophisticated digital security mechanisms designed to protect customer accounts. The presentation highlighted a stark disconnect between robust online defenses and a glaring weakness in physical, human-centric processes, demonstrating how an attacker could gain full control over a bank account with minimal effort and forged documents.
