Mobile devices, Planets and the Human Condition


Shock! Chip and Pin Flaws Exposed!... and the news is?

, posted: 7-Feb-2007 11:46

Surprise, Surprise, its possible to clone a Smart Chip credit card.

reports in the news feeds around the web at the moment which are totally overhyping - yet understating the most obvious flaw.

this flaw has been proven by a research team at cambridge university.


effectively what they are saying is:

Ingredients:

- 1x employee in on the scam.
- 1x modified Terminal
- 1x wireless transmitter.


What the team did was wireless transmit the details and pin code for the card when it was read by the terminal and use it to make purchases elsewhere.

There is nothing new or dramatic here, yes the smart chips are better than a magnetic strip.

but they are still vulnerable to malicious reader attacks.

it really isn't anything new, except they need to get your PIN code as well.

back in 2001 a friend of mine had $18,000 stolen from his visa account in just under 12 hours because there was a racket in the area that were running second machines,

effectively you hand them your card and the would run it through the stand machine then place in into what looked like an unassuming place on the keyboard to rest the card while waiting for the receipt to print.

what it was actually doing is reading the magnetic stripe.


The good news was the police were already onto these guys so my friend got his money back fairly quickly.


I am no expert on such things, but I would guess that until we are at a point where there is no passive side to such a transfer with static data, there will always be the overwhelming capability for nefarious individuals to take an "image" of the encrypted data, and then plant that onto a cloned device.

who knows, solar powered credit cards could be just around the corner.

Other related posts:
Internet Censorship, Guilt by accusation, I'm Angry. very angry (S92a - etc)
Privacy laws get long overdue tidyup over Motorist Registration (NZ)
Thailand vs Youtube.... "team Google, world police"??








Comment by NokiaRocks, on 7-Feb-2007 14:10

Do you have a link to your source?


Author's note by inane, on 7-Feb-2007 14:41

well sort of,

here is the google stream of it.


Comment by sbiddle, on 8-Feb-2007 07:52

At least smart cards in the UK are a damn site more secure than NZ where the banks don't seem to have any problem with around 75% of credit card users still signing for their transactions.. It's a joke - a PIN should be compulsary.


Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and placed in the moderation queue for the blog owner's approval.

Your name:

Your e-mail:

Your webpage:

inane's profile

 
Wellington
New Zealand


I'm a professional Geek, and also in my own time, I am likely to write about all manner of things on this blog.
Of late I haven't updated this place much, but I need to do some revamping and dust off the cobwebs a bit. so thats what I'll do. going to aim for a minimum of three times a week updated here to begin, then perhaps head towards every day!


Who knows! 


but for now I hope you enjoy what you read, and that I aid the constant novelty and stimulus to your brain that the internet provides us all, in a way nothing else can!


I am likely to comment on everything here, but my current topics of choice are

*Privacy
*Mobile Devices
*Pluto
*technology
*general and specific ramblings
*ergonomics
*Dvorak Keyboard


BlogBurst.com

Mobile devices and more


Page copy protected against web site content infringement by Copyscape



^^ lol don't know what that is!



Recommended Reading

- Thought Powered Game Controller - Braingate - Technology to read your mind! - Bugatti Veyron top speed (Video) - Top Secret Classified Study - Colossal Squid Caught - How to Dump an HTC Apache ROM - how to dump an HTC Harrier Rom - Unlocking Apache Extended Rom part 1 - Unlocking Apache Extended Rom Part 2

My most active entries

How to Dump an HTC Apache ROM ...
(20-Aug-2006 17:38, 33109 views)
iGoogle? new look to googles ...
(2-May-2007 11:04, 30533 views)
How to easily obtain a list of...
(21-Feb-2007 11:35, 27256 views)
Gamo PT-80 Pistol....
(12-Jun-2007 22:10, 24493 views)
Velociraptor was a Turkey!?...
(24-Sep-2007 12:46, 24412 views)
Google Chrome; download and ch...
(3-Sep-2008 08:25, 22486 views)
Unlocking your Extended Rom PA...
(4-Jul-2006 09:29, 22035 views)
Guide to unlocking the Apache ...
(29-Jun-2006 12:24, 21443 views)
High powered rifles, no licenc...
(13-Oct-2008 20:24, 20825 views)
Pyramids at Giza vs. Pyramids ...
(28-Dec-2006 12:30, 18241 views)




You Tube !




Site Meter