New Chip And PIN System Vulnerable 12.02.2010
The new chip system which was implemented on credit cards some time ago has proven to be quite vulnerable
to anyone with decent technical skills.
This vulnerability allows cruimnals to use the card without even knowing the correct PIN code.
They simply insert a "wedge" between the stolen card and the terminal, which tricks the terminal
into believing that the PIN was ciorrectly verified.
Allowing the criminal to enter any PIN he feels like, and the transaction will be done regardless.
Dr. Murdoch, one of the main people behind this discovery, says they have tested this attack against
cardsd issued by all the major UK banks. They all proved to be vulnerable.
Another side of this is that customers might have a hard time getting refunded money which are stolen from
them using this technique, as both the receipt and the banks records will show the transaction is
"verified by PIN", allowing the banks to argue that the customer has been careless, allowing criminals to
know their PIN.
As an addition to this, the technology which is used to create the "wedge" is low, so just about anyone can
make it, it is also small enough so that shop staff might not notice if their terminal have been rigged.
This attack, including a demonstration has been deployed in practice, featured on BBC Two's newsnight yesterday.
Source of this story here
Comment this story