This was due to be shown on BBC2's Newsnight, but it seems that the Afghan conflict has pushed it off the schedule. Cambridge University security researchers have shown, in their most compelling demonstration yet, that Chip and Pin is Broken.
With a small netbook PC in his backpack, the researcher successfully used the credit and debit cards of the Newsnight team to process transactions, using a PIN of "0000". Any PIN at all would be accepted, since the card reader believed that it was processing a PIN-verified transaction (and printed a receipt stating "Verified by PIN") while the chip on the card believed that it had fallen through to a card-and-signature protocol. The researchers explain that the negotiation for choosing a protocol (chip-and-pin or card-and-signature) is flawed. The BBC researchers confirmed that the transactions went through even though an invalid (unallowable) PIN of "0000" was used, and that none of the card issuers had contacted them about the transaction.
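The disagreement described above (reader records "Verified by PIN", chip records no PIN check) is something an issuer can test for at authorisation time. The sketch below is an added example, not code from the researchers or any card scheme. It decodes the terminal's CVM Results field (EMV tag 9F34) and compares it with a hypothetical `card_saw_pin_ok` flag, assumed to be decoded by the issuer from card data covered by the card's cryptogram; the sample records are constructed.

```python
# Added example. CVM Results layout is EMV tag 9F34; the card-side flag is an assumption.
OFFLINE_PIN_CVMS = {0x01, 0x03, 0x04, 0x05}  # PIN verified by the chip (plaintext/enciphered, +/- signature)
CVM_SUCCESSFUL = 0x02                        # byte 3 value: method succeeded


def terminal_claims_offline_pin(cvm_results_hex):
    """True if the terminal's CVM Results say an offline PIN check succeeded."""
    raw = bytes.fromhex(cvm_results_hex)
    if len(raw) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    method = raw[0] & 0x3F  # low six bits carry the method code
    return method in OFFLINE_PIN_CVMS and raw[2] == CVM_SUCCESSFUL


def check_transaction(cvm_results_hex, card_saw_pin_ok):
    """Compare the terminal's view with the card's view of cardholder verification.

    card_saw_pin_ok is a hypothetical boolean: assumed to be decoded by the
    issuer from card data protected by the card's cryptogram.
    """
    try:
        terminal_pin = terminal_claims_offline_pin(cvm_results_hex)
    except ValueError:
        return "reject: malformed CVM Results"
    if terminal_pin and not card_saw_pin_ok:
        return "decline: terminal reports PIN verified, card does not"
    if card_saw_pin_ok and not terminal_pin:
        return "review: card reports PIN verified, terminal does not"
    return "consistent"


# Constructed sample records: (label, CVM Results hex, card-side flag).
SAMPLES = [
    ("genuine PIN transaction", "410302", True),
    ("genuine signature transaction", "1E0300", False),
    ("mismatch described in the post", "410302", False),
    ("truncated field", "4103", False),
]

if __name__ == "__main__":
    for label, cvm, flag in SAMPLES:
        print(f"{label}: {check_transaction(cvm, flag)}")
```

The check only helps if the terminal's CVM Results actually reach the issuer and the card-side flag cannot be altered in transit.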