Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct
2007JanFebMarAprMayJunJulAugSepOctNovDec2007
2008JanFebMarAprMayJunJulAugSepOctNovDec2008
2009JanFebMarAprMayJunJulAugSepOctNovDec2009
2010JanFebMarAprMayJunJulAugSepOctNovDec2010
2011JanFebMarAprMayJunJulAugSepOctNovDec2011
2012JanFebMarAprMayJunJulAugSepOctNovDec2012
2013JanFebMarAprMayJunJulAugSepOctNovDec2013
2014JanFebMarAprMayJunJulAugSepOctNovDec2014

Fri 12th Feb 22:04 2010: Chip and Pin is Broken

This was due to be shown on BBC2's Newsnight, but it seems that the Afghan conflict has pushed it off the schedule. Cambridge University security researchers have shown in their most compelling demonstration yet, that Chip and Pin is Broken.

With a small netbook PC in his backpack, the researcher successfully used the credit and debit cards of the Newsnight team to process transactions, using a PIN of "0000" - any PIN at all would be accepted, since the card-reader believed that it was processing a PIN-verified transaction (and printed a receipt stating "Verified by PIN") while the chip on the card believed that it had fallen through to a card-and-signature protocol. The researchers explain that the negotiation for choosing a protocol (chip-and-pin or card-and-signature) is flawed. The BBC researchers confirmed that the transactions went through although an invalid (an unallowable) PIN of "0000" was used, and that none of the card issuers had contacted them about the transaction.


Comments for 'Chip and Pin is Broken'

You could post a comment if you were logged in.

You are logged in as 0

create an account

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers:


DefectiveByDesign.org