[Cryptography] Insecure Chip 'n' PIN starts tomorrow
John Levine
johnl at iecc.com
Thu Oct 1 23:47:39 EDT 2015
>>> Are there any attacks against EMV that don't involve using the payment
>>> mechanisms that only require the card number?
Since nobody else seems to have sent it in, the paper you want is
"Chip and PIN is Broken" by Murdoch et al. at Cambridge. They found a
bug in the protocol that lets a MITM device fake a PIN verified
transaction:
https://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf
R's,
John
More information about the cryptography
mailing list