Fatal Flaw In Chip And Pin Revealed - 'Whole System Needs A Rewrite' - HotUKDeals

iNSOMANiAC
Posted 6 years, 9 months ago
A team of computer scientists at Cambridge University has found a flaw in chip and pin so serious they think it shows that the whole system needs a re-write.

They have created a small device that convinces the cash machine that the correct pin has been entered, when it hasn't.

Your card goes into the device, a linked fake card goes into the cash machine and voilà!

They call the device 'shockingly simple'.

All Comments

#2
so what they gonna do now, change the whole system to what?? :whistling:
#3
Pin and chip possibly
#4
iNSOMANiAC
Pin and chip possibly


:w00t:
#5
only allow people to use a card to pay for goods by card if they are wearing a short sleeved top, simples
banned#6
Anyone know where I can buy a "shockingly simple"?
banned#7
guv
Anyone know where I can buy a "shockingly simple"?


There's a few knocking about on this forum.
#8
It's been obvious from the start that there are flaws in it. How many times have you been in the supermarket and been able to see the person in front of you putting in their pin! Some little tea leaf nicks your purse or wallet and they're off and running with your cash. I reckon this machine is only one of many different ways! The thing is they have publicised this one!!!
#9
A team of computer scientists at Cambridge University


It must be simple if only one team of computer scientists at one of the top universities in the entire world took a few years to find it.
#10
Carley
ooooh the irony in that post is strong!


Indeed, indeed. :roll:
banned#11
Carley
ooooh the irony in that post is strong!


You are mistaking simple with sexual in that case.
#12
whatsThePoint
Yet another example of people with nothing better to do finding ways for con artists to rip people off
If they hadn't discovered it, would it have ever come to light?
Now criminals around the world will be cashing in on their great discovery


Yet another? Struggling to think of another example.
#13
Goonieman
Yet another? Struggling to think of another example.


What he has clearly failed to grasp is that for all we know thieves have been using this system since chip and pin came in, only by finding these flaws can they be patched up :roll:

Surely even a complete idiot can see that.
banned#14
iNSOMANiAC
What he has clearly failed to grasp is that for all we know thieves have been using this system since chip and pin came in, only by finding these flaws can they be patched up :roll:


Companies employ people to try to hack the security in their systems. Indeed many of the people they employ are former hackers, e.g. Markus Kuhn (famous for his Sky TV hacks - google "season 7 sky") and now working at, surprise, surprise, Cambridge University in Computer science.

Well done Markus. :thumbsup:

Surely even a complete idiot can see that.


Clearly not the case!!!
#15
whatsThePoint
No point in asking you, but does anyone with sense think it would have been better to keep this quiet while the flaw was closed so criminals couldn't exploit it


LOL, christ almighty.
#16
iNSOMANiAC
What he has clearly failed to grasp is that for all we know thieves have been using this system since chip and pin came in


I agree, it couldn't have been me who bought those inflatable sheep and lipstick.
banned#17
whatsThePoint
No point in asking you, but does anyone with sense think it would have been better to keep this quiet while the flaw was closed so criminals couldn't exploit it


It's in the public interest to make this knowledge available so it can be patched up. Does anybody seriously think some computer scientists at a University are more capable than the hackers out there? All exploits should be public on the off chance that somebody with a more sinister agenda has already cracked the system. It's why there are White Hat Hackers employed by organisations. It then forces the organisations implementing the systems to patch the exploit, otherwise they wouldn't bother.

There is a whole industry set up to look for exploits in security systems, banks, operating systems etc. They find the exploit then more or less blackmail the company in question into paying them for details of it otherwise they release it into the wild first. It's a wonderful debate subject on the ethics of it all.

At least, hopefully, in the University's case they will have informed the Chip and Pin people first.
banned#18
master_chief
At least, hopefully, in the University's case they will have informed the Chip and Pin people first.


Only after they tested it a few times! :whistling::w00t::w00t:
banned#19
I've been using this exploit for years, sick and tired of having to remember my pin on all my cards.
#20
whatsThePoint
OK, I will ask you as you seem to think yourself some sort of authority on this subject

Q How has publishing this information helped the general public and in what way has it hindered any criminals that may have discovered it already (however unlikely) or are now working on it thanks to this pointing it out to them (very likely)


Because it's highly likely someone with less honest intentions than University researchers has already figured this out, because if this information isn't made public they (the banks) will just ignore the problem, because once announced the public can keep an eye out for it....etc..
banned#21
whatsThePoint
OK, I will ask you as you seem to think yourself some sort of authority on this subject

Q How has publishing this information helped the general public and in what way has it hindered any criminals that may have discovered it already (however unlikely) or are now working on it thanks to this pointing it out to them (very likely)


Cashiers that care will be looking for wires dangling out of someone's sleeve. Easy option is take the card off people like 80% of places do anyway.
#22
whatsThePoint
OK, I will ask you as you seem to think yourself some sort of authority on this subject

Q How has publishing this information helped the general public and in what way has it hindered any criminals that may have discovered it already (however unlikely) or are now working on it thanks to this pointing it out to them (very likely)


If criminals have discovered it already (very likely - seriously, more money to be made here than working for a uni) then what's the point in keeping it quiet??? At least this way the public can be made more aware of the risks......
banned#23
whatsThePoint
OK, I will ask you as you seem to think yourself some sort of authority on this subject

Q How has publishing this information helped the general public and in what way has it hindered any criminals that may have discovered it already (however unlikely) or are now working on it thanks to this pointing it out to them (very likely)


hahaha... This little rant is serious isn't it!

The criminal world would already have been working on this. I'm quite sure if they had uncovered how to do so, it would be in the press for that reason. Would that make you likely to try to replicate too?

What makes you think that the University went to the press rather than the banks? I'd be seriously surprised if this research hadn't already been shown to the banks months ago to highlight their weaknesses with a thorough demonstration and all the research notes. I'd also be very surprised if the banks were not extremely grateful for this info.
#24
whatsThePoint
I take it you work in crime prevention and have access to what scams criminals are using and you're not just making that statement based on your limited opinion

In a week (or by tomorrow more likely) the public would have forgotten about it


I'm making the statement based on the balance of probabilities, but seeing as we're on the subject, what's your expert angle on this?

And just out of interest, in what way is my opinion "limited"??? Or did you just think saying it sounded clever?
