Chip & Pin Is Definitely Broken presented at CanSecWest 2011

by Andrea Barisani (Inverse Path ), Daniele Bianco (Inverse Path ),

Tags: Security

Summary : The EMV global standard for electronic payments is widely used for inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs. Following the trail of the serious vulnerabilities published by Murdoch and Drimer's team at Cambridge University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the context of POS usage. We will analyze in detail EMV flaws in PIN protection and illustrate skimming prototypes that can be covertly used to harvest credit card information as well as PIN numbers regardless the type/configuration of the card. The attacks are believed to be unreleased so far to the public (which however does not mean fraudster are not exploiting them) and are effective in bypassing existing protections and mode of operations. As usual cool gear and videos are going to be featured in order to maximize the presentation.