Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chip-and-Pin Vulnerable To Subtle Trickery

Posted by Zonk on from the i-feel-quite-safe dept.

An anonymous reader writes "Cambridge University researchers, in an investigation for BBC Television's Watchdog programme, have demonstrated a man-in-the-middle attack for the chip-and-pin credit card security system used throughout the UK and Europe. In the attack, the card is inserted into a card-reader that has been tampered with, and the information transmitted in real-time to an accomplice who uses a specially modified card to make a higher-value purchase elsewhere. The modified card-reader shows only the expected amount, but the larger amount is deducted from the victim's bank account. It would not be easy to use this method in practice because the two transactions must be made simultaneously. The same team recently demonstrated a hacked chip-and-pin terminal playing Tetris."

2 of 64 comments (clear)

  1. Re:The Tetris hack was a fake by maubp · · Score: 4, Informative

    It was not the real hardware hacked to play tetris. It was different hardware in the same box.

    Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.
    Have you read the article? There is a fake transaction at the victim's location which appears to be paying £20 for dinner. There is a real (but fraudulent) transaction at the jewelers at the same time for $2000 of diamonds.

    The victim's card goes in the "fake pin machine" which is linked via laptops to a "fake card" in a "real pin machine" at another shop (in this case, a jewelers).

    The laptop link makes it look like the victim's card is physically at the jewelers store, and takes care of all the validation. The victim is told the dinner price, and enters their PIN into the "fake PIN machine", which says "thank you" and prints a fake receipt. Meanwhile, the PIN number is then passed to the criminal at the jeweler to key into the real PIN machine and buy the diamonds.

    Tricky to pull off due to the timing - but a real treat all the same.
  2. Re:Single bit check is not enough by sjmurdoch · · Score: 2, Informative

    Each exchange is one challenge bit and one response bit, so the timing is accurate, but this is repeated many times to give a high assurance that the real card is present (128 in the prototype). See the draft paper for the details.

    --
    Steven Murdoch.
    web: http://www.cl.cam.ac.uk/users/sjm217/