Students at the University of Cambridge have discovered a new flaw that can be exploited with a man-in-the-middle (MITM) attack, which deceives a terminal into thinking that a card’s PIN is correct regardless of what number is entered as the PIN.
The attack uses an electronic device as a “man-in-the-middle” in order to prevent the PIN verification message from getting to the card, and to always respond that the PIN is correct. Thus, the terminal thinks that the PIN was entered correctly, and the card assumes that a signature was used to authenticate the transaction.
“We think this is one of the biggest flaws that we’ve uncovered – that has ever been uncovered – against payment systems, and I’ve been in this business for 25 years,” said Professor Ross Anderson from the school’s Computer Laboratory.
More details are available at the University of Cambridge Computer Laboratory Security Group website.
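The disagreement described above (the terminal believes the PIN was verified while the card believes it was not) can be checked for wherever both views are visible. The following is an added example, not code from the researchers or from any payment scheme. It assumes the issuer receives the terminal's 3-byte CVM Results value and can decode the card's own record of PIN verification, modelled here as the hypothetical boolean `card_saw_pin_verified` because the card-side encoding is scheme-specific. All transaction records are constructed.

```python
from dataclasses import dataclass

# Low six bits of CVM Results byte 1 meaning "PIN verified by the card"
# (plaintext or enciphered offline PIN, with or without signature).
OFFLINE_PIN_CVMS = {0x01, 0x03, 0x04, 0x05}
CVM_RESULT_SUCCESS = 0x02  # byte 3: 0 = unknown, 1 = failed, 2 = successful


@dataclass
class AuthRequest:
    txn_id: str
    cvm_results: bytes           # terminal's view, 3 bytes
    card_saw_pin_verified: bool  # card's view (hypothetical decoded field)


def terminal_claims_offline_pin(cvm_results: bytes) -> bool:
    """True if the terminal reports a successful card-verified PIN."""
    if len(cvm_results) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    method = cvm_results[0] & 0x3F  # drop the 'apply next rule' flag bit
    return method in OFFLINE_PIN_CVMS and cvm_results[2] == CVM_RESULT_SUCCESS


def classify(req: AuthRequest) -> str:
    """Compare the terminal's view with the card's view of PIN verification."""
    try:
        terminal_view = terminal_claims_offline_pin(req.cvm_results)
    except ValueError:
        return "malformed"
    if terminal_view and not req.card_saw_pin_verified:
        return "mismatch"    # the inconsistency the article describes
    if req.card_saw_pin_verified and not terminal_view:
        return "unexpected"  # views disagree the other way; review manually
    return "consistent"


def flag_mismatches(requests):
    """Return transaction ids where terminal and card disagree on the PIN."""
    return [r.txn_id for r in requests if classify(r) == "mismatch"]


# Constructed sample records, not real transaction data.
SAMPLE = [
    AuthRequest("T1", bytes([0x41, 0x03, 0x02]), True),   # PIN, both agree
    AuthRequest("T2", bytes([0x44, 0x03, 0x02]), False),  # terminal: PIN ok, card: no
    AuthRequest("T3", bytes([0x1E, 0x03, 0x00]), False),  # signature
    AuthRequest("T4", bytes([0x41, 0x03]), False),        # truncated value
]
```

The check is only meaningful if both values reach the verifier with their integrity protected; a value the intermediary device can rewrite proves nothing.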
Ruan is a resolute technophile who is currently devoted to the professional practice of Information Technology Management. In his free time Ruan pursues various interests, including the study of Information Security practices and the exploration of visual culture through contemporary photography and communication design.