Slashdot Mirror


Possible Serious Security Flaw In ATMs

sfjoe writes "According to a story at MSNBC.com, researchers at Algorithmic Research (ARX) have shown it may be possible for 'someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes, called hardware security modules'. Using these methods, an attacker could trick the security modules into exposing a PIN. It has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. If PINs can be compromised, the almost 8 billion transactions per year they handle may be in danger. Not to mention all the transactions at retail stores."

2 of 167 comments

  1. Let's just get this clear right now... by Anonymous Coward · Score: 5, Funny

    First one to refer to "ATM Machines" or "PIN numbers" gets slapped.

  2. Holding All the Cards by Doc Ruby · Score: 5, Interesting

    Every bank I know of with back-end offices here in NYC requires everyone passing through their building doors to use one-time password cards (usually RSA keycards) for access. Yet those banks all make us run around broadcasting our PINs to whichever fly-by-night ATM dispenses $100 late-night when we're drunk.

    The cost of chipcards that generate one-time passwords, to protect from replay attacks, is minimal. Especially compared with fraud and theft. What's taking them so long?

    --
    make install -not war