12 Feb 2010
Researchers at Cambridge University have claimed in a new paper that chip and PIN systems are not as secure as once thought.
The paper, entitled Chip and PIN is Broken (PDF), said that chip and PIN readers could be "fooled" into accepting transactions, despite not having the relevant PIN.
The researchers explained that it is possible to launch a man-in-the-middle attack, effectively blinding the machine to the fraud and letting criminals exploit lost or stolen cards.
Chip and PIN has often been described as a silver bullet for securing transactions, and has been credited with causing a drop in fraud levels. Just this week Home Office minister Alan Campbell said that the system had "reduced fraud on lost or stolen cards to an all time low".
However, the Cambridge researchers claim to have demonstrated how a hacker could use a stolen card without knowing the PIN.
"Since verified by PIN - the essence of the system - does not work, we declare the chip and PIN system to be broken," the paper said.
The risk does not apply to cash machines, but could be exploited on the majority of cards using offline systems, such as those found in shops which connect elsewhere to approve a transaction.
The researchers added that it is during this verification process that the flaw could be exploited.
Is there really any security at all?
Another great idea from this useless Government, seriously flawed like the UK Govt certified encryption used for protecting those Kingston pen drives, which proved to be seriously flawed, remember? Is the same UK Govt certified encryption guarding all the databases which this Government are constantly adding our personal information to? Makes you wonder where all the 'Bank Money' really went, does it not? Signed Carl Barron, Chairman of agpcuk http://carl-agpcuk.livejournal.com/ http://disqus.com/Carl_Barron/
Posted by: Carl Barron 12 Feb 2010