The issue also is (for the banks depending on the application) that they can't trust aplication running on the user's computer. This begs for opensource implementation that returns plausible fake data. :)
Yes, developing such an application would be fairly easy. From what I understand however, South Korea has laws against reverse engineering. So openly distributing this application would probably be risky, asking for lawsuits. Which doesn’t mean of course that no cybercrime gang (particularly those specializing in banking fraud) has such an application.
I was wondering just that. Get the private key, spoof the data to be the "real" ip of your neighbor whom you have, do bank crimes. Ta-dan, you get him in troubles.
