
Communications of the ACM

ACM TechNews

Researchers Discover Critical Flaws in the Chip and Pin System


Closeup of a chip-based payment card.

Security researchers say they have found a vulnerability in the ubiquitous chip-and-PIN system.

Credit: ZDnet.com

Cambridge University researchers have unearthed a pair of critical flaws in EMV smart card technology that can be exploited to generate cloned cards that are undetectable by normal bank procedures.

The researchers found that some ATMs create poor random numbers that are easily predictable and could be leveraged to compute codes to authorize cash withdrawals. Such a pre-play attack would be "indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be conducted even if it is impossible to clone a card physically," the researchers warn. They note that this type of attack would make it harder for card owners to prove that they were not responsible for or involved in the fraud and that they should be refunded.
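As an added illustration (not code from the researchers or from the article), the following sketch shows how an acquirer or issuer could screen transaction logs for terminals whose random numbers look predictable. It assumes the terminal's value is the 4-byte EMV Unpredictable Number logged as eight hex digits; the terminal IDs, log values, function name and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed sample log: (terminal_id, nonce as 8 hex digits), in time order.
SAMPLE_LOG = [
    ("ATM-A", "0000a1f0"), ("ATM-A", "0000a1f7"), ("ATM-A", "0000a1fe"),
    ("ATM-A", "0000a205"), ("ATM-A", "0000a20c"), ("ATM-A", "0000a213"),
    ("ATM-B", "5d01c3e2"), ("ATM-B", "5d01c3e2"), ("ATM-B", "5d0177a9"),
    ("ATM-B", "5d01c3e2"), ("ATM-B", "5d01f00b"), ("ATM-B", "5d0177a9"),
    ("ATM-C", "9f3c27d1"), ("ATM-C", "14e8b06a"), ("ATM-C", "c7025f93"),
    ("ATM-C", "3ab9e448"), ("ATM-C", "e15d0c7f"), ("ATM-C", "682f91b5"),
]

def audit_nonces(log, min_samples=5, max_fixed_bits=8):
    """Return {terminal_id: [findings]} for terminals whose nonces look predictable.

    min_samples and max_fixed_bits are assumed thresholds, not EMV-defined values.
    """
    per_terminal = defaultdict(list)
    for terminal, un_hex in log:
        per_terminal[terminal].append(int(un_hex, 16))

    report = {}
    for terminal, values in per_terminal.items():
        if len(values) < min_samples:
            continue  # too few observations to judge this terminal
        findings = []
        # A good 32-bit generator should almost never repeat within a short window.
        if len(set(values)) < len(values):
            findings.append("repeated value")
        # Differences between consecutive nonces modulo 2^32: a single stride means a counter.
        deltas = {(b - a) % 2**32 for a, b in zip(values, values[1:])}
        if len(deltas) == 1:
            findings.append("constant stride")
        # Bits that never differ from the first sample contribute no unpredictability.
        changed = 0
        for v in values:
            changed |= v ^ values[0]
        fixed_bits = 32 - bin(changed).count("1")
        if fixed_bits > max_fixed_bits:
            findings.append(f"{fixed_bits} of 32 bits never change")
        if findings:
            report[terminal] = findings
    return report

if __name__ == "__main__":
    for terminal, findings in audit_nonces(SAMPLE_LOG).items():
        print(terminal, "->", "; ".join(findings))
```

A terminal that passes these checks is not proven sound; the screen only surfaces the grossest failures (repeats, counters, stuck bits) so that affected devices can be investigated.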

The second flaw the researchers found is a protocol failure that would permit malware in an ATM or point-of-sale terminal to execute a pre-play attack simply by replacing the randomly produced number with one chosen by the attacker.

These flaws were discovered more than two years ago, but only the first flaw has been resolved so far.

From Help Net Security

 

Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


 
