Chip and Pin Terminal Hacked to Play Tetris
Security researchers at the University of Cambridge have created a proof of concept hack showing the potential insecurity of supposedly un-hackable chip and pin terminals.
Saar Drimer and Steven Murdoch of the Security Research Laboratory managed to get a workable version of Tetris going on the machine.
Saar writes:
“Many discussions over the security of Chip & PIN have focused on the tamper-resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud).
It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.”
Scary!
This entry was posted on Friday, January 5th, 2007 at 2:47 pm and is filed under . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Post to del.icio.us
Post to Slashdot
Digg this
