I thought Chip & Pin was meant to be safe..

Duke

Duke

Duke

Man of Honour
Joined
29 Jun 2003
Posts
34,599
Location
Wiltshire
El Reg said:
UK researchers have hacked a supposedly tamper-proof Chip and PIN terminal to allow it to play Tetris. Steven Murdoch and Saar Drimer of the University of Cambridge managed to get a playable version of the classic game working on the tiny screen.

The proof-of-concept hack highlights wider security concerns about the terminals even though it was only possible after Murdoch and Drimer replaced most of the internal electronics after opening up the terminal. The attack illustrates the possibility that hackers might be able to physically modify terminals for far more malign purposes.
Click to expand...
Video here - http://www.youtube.com/watch?v=wWTzkD9M0sU

A bit worrying :p
 
lol - imagine what they could do to a cash machine then lol.

Do most cash machines still run 3.11?
 
Not really, they had to replace a lot of the internal components. replace enough components and you can get a screen to do anything.

Although I still think it should have one way glass your hand goes under.
 
Chip and pin is so banks can reliquinsh responsibility for on site fraud. Signiture fraud, they have to refund for. Pin fraud.. you are responsible for and will not be refunded as they will say you cannot prove you didn't share it with anyone else.

Fact.
 
crystaline said:
Chip and pin is so banks can reliquinsh responsibility for on site fraud. Signiture fraud, they have to refund for. Pin fraud.. you are responsible for and will not be refunded as they will say you cannot prove you didn't share it with anyone else.

Fact.
Click to expand...


OooOooooO, i did not know that. I shall have to remember that one.
 
It was on hackaday not long ago.

Like AcidHell2 said, they replaced a lot of the machine. All you need is the casing, sscreen, keypad and card reader to be same, and people will happily use it to pay for purchases.

I would be a lot more worried if the hardware was the same and someone had found a way to overwrite the software for the device.
 
LOL I wish you could get tetris on those things, then they could give you money off what you're buying if you win, :D
 
hybrid said:
Maybe pass the knowledge on!? :confused:
Click to expand...

Fair enough, I was just thinking that if you were in the situation where the bank claimed lack of responsibility, then you wouldn't be able to really do anything about it.
 
hybrid said:
ahh nah nah, i wasnt trying to say it from that point of view d00d.

Just pub ammo really lol. ;)
Click to expand...

Haha, could start quite an interesting drunken debate about it after a good few pints.
 
crystaline said:
Chip and pin is so banks can reliquinsh responsibility for on site fraud. Signiture fraud, they have to refund for. Pin fraud.. you are responsible for and will not be refunded as they will say you cannot prove you didn't share it with anyone else.

Fact.
Click to expand...

Exactly

Fraud still exists but the banks don't have to pay out so its brushed under the carpet. Then they say fraud has dropped over 50% and everything is okay.....
 
You must log in or register to reply here.
Back
Top Bottom