
The pre-play vulnerability in Chip and PIN

Posted on May 21st, 2014 at 11:48 by John Sinteur in category: Security


When a Chip and PIN transaction is performed, the terminal requests that the card produces an authentication code for the transaction. Part of this transaction is a number that is supposed to be random, so as to stop an authentication code being generated in advance. However, there are two ways in which the protection can be bypassed: the first requires that the Chip and PIN terminal has a poorly designed random generation (which we have observed in the wild); the second requires that the Chip and PIN terminal or its communications back to the bank can be tampered with (which again, we have observed in the wild).
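
An added example, not part of the original post or the researchers' work: a defender-side check that a bank or acquirer could run over the supposedly random numbers one terminal has sent, to flag the poorly designed generation described above. The 32-bit width, the function name, the thresholds and the sample values are all assumptions made for illustration.

```python
from collections import Counter

MASK32 = 0xFFFFFFFF  # assumption: the terminal's random number is 32 bits wide

def assess_terminal_numbers(values, min_samples=8):
    """Flag obvious non-randomness in one terminal's per-transaction numbers.

    Returns a list of findings. An empty list only means these coarse checks
    did not fire; it is not evidence that the generator is sound.
    """
    if len(values) < min_samples:
        return ["too-few-samples"]
    findings = []

    # Repeats: a truly random 32-bit value should not recur in a small sample.
    if len(set(values)) < len(values):
        findings.append("repeated-value")

    # Stuck bits: bit positions that never change across the whole sample.
    varying = 0
    for v in values:
        varying |= (v ^ values[0]) & MASK32
    stuck = 32 - bin(varying).count("1")
    if stuck >= 8:  # illustrative threshold; random data gives ~0 here
        findings.append(f"stuck-bits:{stuck}")

    # Counter-like output: one step size dominates consecutive differences.
    deltas = Counter((b - a) & MASK32 for a, b in zip(values, values[1:]))
    step, count = deltas.most_common(1)[0]
    if count * 2 > len(values) - 1:
        findings.append(f"constant-delta:{step:#x}")
    return findings

# Constructed samples, not captured from any real terminal.
COUNTER_LIKE = [0x0000A000 + 0x11 * i for i in range(10)]
RANDOM_LIKE = [0x3F9A12C4, 0xC1057EB8, 0x7E44D013, 0x08BB69AF,
               0xD2F0354A, 0x9561CE77, 0x4A2E8B01, 0xE6D3F29C]

if __name__ == "__main__":
    print("counter-like:", assess_terminal_numbers(COUNTER_LIKE))
    print("random-like: ", assess_terminal_numbers(RANDOM_LIKE))
```

These checks address only the first bypass in the quoted paragraph; a terminal or communications link that has been tampered with can present numbers that pass them.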
