Tuesday, 20 May 2014 - 13:31
New PIN-pass technology hacked
The chip technology on the current PIN-pass cards, the co-called EMV-chip, seems to have several vulnerabilities that make it possible to copy. The chip was first introduced to eliminate the threat of hacking. Researchers from the University of Cambridge discovered the leak, and published their findings in a paper called "Chip and Skim: cloning EMV cards with the pre-play attack." The leak makes it easy to clone bank cards, which is called skimming. Copied bank cards are said to be able to pass even the bank's own scrutiny. The researchers have shown practical research, and proven the leak. According to the researchers, the current security system with the EMV-chip has two problems. The first is that for every card, a unique random authentication code has to be provided. It now seems that these codes are not random at all, which punctures the security. The second problems is in the communication between the card terminal and the bank. According to the researchers, this can be intercepted without leaving a trace by, for example, the shop owner. This person can then clone a bank card, including the not-so-randomized authentication codes. This produces an identical card that the bank cannot distinguish from the real one.