ATMs hacked using MP3 player
Anne & Lynn Wheeler
lynn at garlic.com
Wed Nov 15 18:51:40 EST 2006
and one more skimming attack
ATMs hacked using MP3 player
http://news.com.com/2061-10789_3-6135905.html?part=rss&tag=2547-1_3-0-20&subj=news
from above:
The gang targeted freestanding cash dispensers and would tap the phone line between the ATM and a wall socket by placing a two-way adaptor on it and connecting an MP3 player, according to the newspaper.
... snip ...
just another in long history of skimming/harvesting of static authentication information
somewhat related:
http://www.garlic.com/~lynn/aadsm26.htm#4 Citibank e-mail looks phishy
and as referred to here
http://www.garlic.com/~lynn/2006u.html#42 New attacks on the financial PIN processing
x9.59 protocol
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959
attempting to address the whole problem of attackers acquiring (sensitive) static authentication information ... regardless of method, harvesting, skimming, data breaches, phishing, whatever
... effectively for use in any form of replay attack.
the design of the x9.59 protocol also attempted to address numerous possible man-in-the-middle attacks ... which still might occur even when switching from static authentication data to dynamic authentication data i.e. the authentication was part of the transaction itself ... as opposed to separately operation (which could possibly open up cracks for man-in-the-middle attacks).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list