Cambridge researcher demonstrates flaw in EMV on TV

Cambridge researcher Saar Drimer recently demonstrated on German TV how easy it is to bypass PIN verification at an EMV POS terminal (http://blog.br-online.de/report-muenchen/2010/09/03/neue-chips-im-visier-der-kreditkartenmafia.html). Saar equipped himself with a modified credit card connected by a cable to a computer in his backpack. He then made a credit card transaction in which he entered the PIN ‘0000’, and showed that the transaction was approved even though the PIN was fake; the receipt told the cafe owner that the transaction was approved. Some time ago, Saar, together with Steven Murdoch and Ross Anderson, released the report “Chip and PIN is Broken”, which explains a serious flaw in the EMV chip that enables an attacker to completely bypass PIN verification on the chip card; it was covered in an earlier post.

In the TV report, Ross Anderson and Steven Murdoch further explain the complexity of EMV, indicating that it is too complex to be verified. One option to consider would be to make it formally verifiable, which would effectively reduce the specification to a few pages.


~ by petergullberg on September 15, 2010.
