[Cryptography] Insecure Chip 'n' PIN starts tomorrow

John Levine johnl at iecc.com
Thu Oct 1 23:47:39 EDT 2015


>>> Are there any attacks against EMV that don't involve using the payment
>>> mechanisms that only require the card number?

Since nobody else seems to have sent it in, the paper you want is
"Chip and PIN is Broken" by Murdoch et al. at Cambridge.  They found a
bug in the protocol that lets a MITM device fake a PIN verified
transaction:

https://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf

R's,
John


More information about the cryptography mailing list