Hacking Chip-and-PIN

Apparently, the authentication system on Chip-and-PIN bank cards is fundamentally flawed. You can manipulate the system to accept any PIN by taking advantage of the negotiation system used between the merchant and the bank’s authorisation system. This post and this technical paper provide more details on the vulnerability. These cards are common in Europe, and are increasingly being rolled out in North America for security reasons. Perhaps the banks doing so should rethink that.

This seems like another example of how serious breaches in electronic security systems are rarely caused by attacks against encryption algorithms directly. Much more often, it is some other component of the system that is weak.

Author: Milan


6 thoughts on “Hacking Chip-and-PIN”

  1. Any indication whether a software patch could fix this? Or will they have to replace lots of expensive gear?

  2. I’ve been wondering if the mindset of bankers is such that they keep looking for a technological bandaid that will allow them to continue to avoid developing best practices around card security.

    I’ve also been wondering whether the introduction of chip-and-pin is more about security theatre than an actual attempt to improve security. Banks certainly appear to clam up about how often mag-stripe cards have been compromised, in hopes of reassuring their customers that all is well, and there’s nothing to see…

  3. Because it uses a challenge-response protocol, Chip-and-PIN should theoretically be more robust than a magnetic strip.

    What this situation seems to show is that implementing good security ideas can be hard, and can easily generate unexpected vulnerabilities.

  4. The other thing that the CHIP allows is the downloading of fraud responsibility to the end user. The old cards had the banks on the hook for fraud, but the new cards come with new agreements that limit their liability and put the onus on the card holder for fraudulent charges.
