Slashdot Mirror

← Back to Stories (view on slashdot.org)

Possible Serious Security Flaw In ATMs

Posted by Zonk on from the my-money-is-flighty-enough-as-it-is dept.

sfjoe writes "According to a story at MSNBC.com, researchers at Algorithmic Research (ARX) have shown it may be possible for 'someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes, called hardware security modules'. Using these methods, an attacker could trick the security modules into exposing a PIN. It has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. If PINs can be compromised, the almost 8 billion transactions per year they handle may be in danger. Not to mention all the transaction at retail stores."

9 of 167 comments (clear)

  1. Poink-Poink-Poink-Poink by Stanistani · · Score: 4, Funny

    *Looks left and right*

    Stop reading my tones!

    --
    You can't talk about Wikipedia's flaws on Wikipedia
  2. The reality of this is... by __aaclcg7560 · · Score: 4, Funny

    Getting a bigger mattress to store my cash in.

    1. Re:The reality of this is... by __aaclcg7560 · · Score: 2, Funny

      It's against the law for you or any who may represent you (legally or not) to pay your way out of debt. I'll probably get a letter in a few weeks noting "suspicious activity" on my account since I paid it off today. Go figure.

  3. Fist Post? by Anonymous Coward · · Score: 1, Funny

    All your PINs are belong to us.

  4. Let's just get this clear right now... by Anonymous Coward · · Score: 5, Funny

    First one to refer to "ATM Machines" or "PIN numbers" gets slapped.

    1. Re:Let's just get this clear right now... by aaza · · Score: 2, Funny
      So I can't talk about the numeric identifier of a leg of an IC, or the machine that does asyncronous transfer mode?

      :-)

      --
      In theory there is no difference between theory and practice.
      In practice, however, there is.
  5. Re:Transmission of PINs? by harves · · Score: 2, Funny

    Well, the bank needs *some* way to authenticate you. The bank cannot trust any device on the ATM network to say: "Hello, this is stonertom. Really really really."

  6. New Title to Earn? by failedlogic · · Score: 3, Funny

    So if someone cracks the system do they become "The Lord of the PINS?"

    Sorry, obvious pun joke. Had to make it. Any others?

    1. Re:New Title to Earn? by adamofgreyskull · · Score: 2, Funny

      I knew a guy, went around resetting pins all over town, name 'o Brunswick, hella a guy.