Mobile devices, Planets and the Human Condition


Shock! Chip and Pin Flaws Exposed!... and the news is?

, posted: 7-Feb-2007 11:46

Surprise, Surprise, its possible to clone a Smart Chip credit card.

reports in the news feeds around the web at the moment which are totally overhyping - yet understating the most obvious flaw.

this flaw has been proven by a research team at cambridge university.


effectively what they are saying is:

Ingredients:

- 1x employee in on the scam.
- 1x modified Terminal
- 1x wireless transmitter.


What the team did was wireless transmit the details and pin code for the card when it was read by the terminal and use it to make purchases elsewhere.

There is nothing new or dramatic here, yes the smart chips are better than a magnetic strip.

but they are still vulnerable to malicious reader attacks.

it really isn't anything new, except they need to get your PIN code as well.

back in 2001 a friend of mine had $18,000 stolen from his visa account in just under 12 hours because there was a racket in the area that were running second machines,

effectively you hand them your card and the would run it through the stand machine then place in into what looked like an unassuming place on the keyboard to rest the card while waiting for the receipt to print.

what it was actually doing is reading the magnetic stripe.


The good news was the police were already onto these guys so my friend got his money back fairly quickly.


I am no expert on such things, but I would guess that until we are at a point where there is no passive side to such a transfer with static data, there will always be the overwhelming capability for nefarious individuals to take an "image" of the encrypted data, and then plant that onto a cloned device.

who knows, solar powered credit cards could be just around the corner.

Other related posts:
Internet Censorship, Guilt by accusation, I'm Angry. very angry (S92a - etc)
Privacy laws get long overdue tidyup over Motorist Registration (NZ)
Thailand vs Youtube.... "team Google, world police"??








Comment by NokiaRocks, on 7-Feb-2007 14:10

Do you have a link to your source?


Author's note by inane, on 7-Feb-2007 14:41

well sort of,

here is the google stream of it.


Comment by sbiddle, on 8-Feb-2007 07:52

At least smart cards in the UK are a damn site more secure than NZ where the banks don't seem to have any problem with around 75% of credit card users still signing for their transactions.. It's a joke - a PIN should be compulsary.


inane's profile

 
Wellington
New Zealand


I'm a professional Geek, and also in my own time, I am likely to write about all manner of things on this blog.
Of late I haven't updated this place much, but I need to do some revamping and dust off the cobwebs a bit. so thats what I'll do. going to aim for a minimum of three times a week updated here to begin, then perhaps head towards every day!


Who knows! 


but for now I hope you enjoy what you read, and that I aid the constant novelty and stimulus to your brain that the internet provides us all, in a way nothing else can!


I am likely to comment on everything here, but my current topics of choice are

*Privacy
*Mobile Devices
*Pluto
*technology
*general and specific ramblings
*ergonomics
*Dvorak Keyboard


BlogBurst.com

Mobile devices and more


Page copy protected against web site content infringement by Copyscape



^^ lol don't know what that is!



Recommended Reading

- Thought Powered Game Controller - Braingate - Technology to read your mind! - Bugatti Veyron top speed (Video) - Top Secret Classified Study - Colossal Squid Caught - How to Dump an HTC Apache ROM - how to dump an HTC Harrier Rom - Unlocking Apache Extended Rom part 1 - Unlocking Apache Extended Rom Part 2

My most active entries

How to Dump an HTC Apache ROM ...
(20-Aug-2006 17:38, 33314 views)
iGoogle? new look to googles ...
(2-May-2007 11:04, 30669 views)
How to easily obtain a list of...
(21-Feb-2007 11:35, 27485 views)
Gamo PT-80 Pistol....
(12-Jun-2007 22:10, 24845 views)
Velociraptor was a Turkey!?...
(24-Sep-2007 12:46, 24706 views)
Google Chrome; download and ch...
(3-Sep-2008 08:25, 22675 views)
Unlocking your Extended Rom PA...
(4-Jul-2006 09:29, 22260 views)
High powered rifles, no licenc...
(13-Oct-2008 20:24, 22085 views)
Guide to unlocking the Apache ...
(29-Jun-2006 12:24, 21627 views)
Pyramids at Giza vs. Pyramids ...
(28-Dec-2006 12:30, 18494 views)




You Tube !




Site Meter