Jan 8, 2008 5:41 AM

The purported security of a Chip & PIN terminal system

Link: Light Blue Touchpaper » Blog Archive » Chip & PIN terminal playing Tetris.

"Many discussions over the security of Chip & PIN have focused on the tamper-resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud). It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.
"Steven Murdoch and myself took the chassis of a real terminal and replaced much of the internal electronics such that it allows us to control the screen, keypad and card-reader. Steven suggested that in order to show that it is completely under our control, we should make it play Tetris..."

((Uh-oh:)))

(((Even more uh-oh:)))

http://www.guardian.co.uk/technology/2008/jan/03/hitechcrime.news

"... Barclaycard's case against pensioner Donald Reddell, who lost £3,000 in phantom withdrawals from UK ATMs. His wife has a card on the same account, but Reddell says they don't use them for anything other than emergency transactions while on holiday.

"The disputed transactions were made using the chip in the issued card received by Mr Reddell and not a counterfeit card," says Barclaycard, adding that the Ombudsman had upheld its decision to dismiss Mr Reddell's claim.

"That couldn't have happened, because it was kept in my safe," contends Reddell. He only ever used it in an ATM to change the pin on the card, which was new, two weeks before the frauds occurred.

If skimmed, Reddell's card would have been open to fraud in the thousands of overseas ATM machines that don't have chip-and-pin capability, or using "card not present" transactions such as those made via websites....

Your Vape Wants to Know How Old You Are

Companies hope that biometric age-verification tech in cartridges could put flavored vapes back in business. But it's unlikely to solve the real problems.

Boone Ashworth

Exclusive LegalZoom Promo Code for 10% Off Services for April

Save on top services at LegalZoom, like LLC registration, incorporation, estate plans, and more with coupons and deals from WIRED.

Parker Hall

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

Andy Greenberg

How to Find the Best Used or Refurbished Electronics

Save money and reduce your carbon footprint with these tips to snag the best deals on quality refurbished and used electronics.

Simon Hill

Uncanny Valley: OpenAI and Musk Fight Again; DOJ Mishandles Voter Data; Artemis II Comes Home

In this episode, the hosts discuss the fight between OpenAI and Elon Musk, the misuse of voter data, and Artemis II’s moonshot.

Brian Barrett

Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound

From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned.

Paresh Dave

Opposing ICE Might Save the Country. It Could Also Ruin Your Life

For months, lone vibe coder Rafael Concepcion has obsessively built tools to counter the federal immigration crackdown—pivoting as he’s been outmatched. He’s also lost his job and become a target.

Brendan I. Koerner

Nobody Knows How to File Taxes on Prediction Market Wins

Americans flocked to prediction markets last year. Now, it’s time to pay taxes on winnings. How do you do that? Great question.

Kate Knibbs

FCC Enforcement Chief Offered to Help Brendan Carr Target Disney, Records Show

Last year, as FCC chair Brendan Carr threatened ABC over a Jimmy Kimmel monolog, a civil servant overseeing West Coast stations privately pledged support, according to emails obtained by WIRED.

Dell Cameron

Livestream Replay: The War Machine

A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare.

Tim Marchman

A Billionaire-Backed Startup Wants to Grow 'Organ Sacks' to Replace Animal Testing

R3 Bio has a bold idea for replacing lab animals: genetically-engineered whole organ systems that lack a brain. The long-term goal, says a cofounder, is to make human versions.

Emily Mullin

The Trajectory of the Artemis II Moon Mission Is a Feat of Engineering

The astronauts will arrive about 10,300 kilometers beyond our satellite, breaking all previous records for distance from Earth. But how was their route chosen?

Luca Nardi