wizzard ([personal profile] wizzard) wrote 2014-05-21 01:21 am

Preplay Attack on Chip and PIN

https://www.schneier.com/blog/archives/2014/05/preplay_attack_.html
Interesting research paper on a bank card chip-and-PIN vulnerability. From the blog post:
Our new paper shows that it is possible to create clone chip cards which normal bank procedures will not be able to distinguish from the real card.
When a Chip and PIN transaction is performed, the terminal requests that the card produces an authentication code for the transaction. Part of this transaction is a number that is supposed to be random, so as to stop an authentication code being generated in advance. However, there are two ways in which the protection can be bypassed: the first requires that the Chip and PIN terminal has a poorly designed random generation (which we have observed in the wild); the second requires that the Chip and PIN terminal or its communications back to the bank can be tampered with (which again, we have observed in the wild).
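
An added example, not taken from the quoted post or the paper: a defender-side check over terminal transaction logs that flags terminals whose supposedly random number looks predictable (repeated values, counter-like steps, bits that never change). The log layout, terminal IDs, sample values and thresholds are constructed assumptions, and the number is treated as a 32-bit value.

```python
from collections import Counter, defaultdict

# Constructed sample log: (terminal id, the terminal's "random" number as
# 8 hex digits), in transaction order. All values are made up.
SAMPLE_LOG = [
    ("T-A", "9f3a1c07"), ("T-B", "00001a40"), ("T-C", "a1b2c3d4"),
    ("T-A", "12e4b8d1"), ("T-B", "00001a41"), ("T-C", "77e01f3c"),
    ("T-A", "c07755aa"), ("T-B", "00001a42"), ("T-C", "a1b2c3d4"),
    ("T-A", "5b0e93f2"), ("T-B", "00001a43"), ("T-C", "0c5d9e21"),
    ("T-A", "e1d42a6c"), ("T-B", "00001a45"),
    ("T-A", "38c9f015"), ("T-B", "00001a46"),
]

def assess(uns):
    """Return weakness findings for one terminal's sequence of numbers."""
    vals = [int(u, 16) for u in uns]
    if len(vals) < 4:                 # assumed minimum sample size
        return []
    findings = []
    # 1. The same value seen twice: a 32-bit random value should almost
    #    never repeat within a short window.
    if len(set(vals)) < len(vals):
        findings.append("repeated_value")
    # 2. Counter-like behaviour: one successive difference dominates.
    deltas = [(b - a) & 0xFFFFFFFF for a, b in zip(vals, vals[1:])]
    top = Counter(deltas).most_common(1)[0][1]
    if top >= 2 and top * 2 >= len(deltas):
        findings.append("constant_step")
    # 3. Bits that never change across the samples (e.g. only the low
    #    bits vary). Threshold of 16 stuck bits is an assumption.
    changed = 0
    for v in vals[1:]:
        changed |= v ^ vals[0]
    if 32 - bin(changed).count("1") >= 16:
        findings.append("stuck_bits")
    return findings

def scan(log):
    """Group log entries by terminal and return only terminals with findings."""
    per_terminal = defaultdict(list)
    for term, un in log:
        per_terminal[term].append(un)
    report = {t: assess(u) for t, u in per_terminal.items()}
    return {t: f for t, f in report.items() if f}

if __name__ == "__main__":
    for term, findings in scan(SAMPLE_LOG).items():
        print(term, findings)
```

A flagged terminal is a candidate for replacement or closer review; passing these checks does not show that a generator is strong.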
