Phish and Chips

In response to a global epidemic of card skimming and cloning scams, the banking industry replaced magnetic strip cards with Pin and Chip cards. These payment cards host embedded microprocessors which are difficult to clone except by the most determined of criminals. The Payment Card Industry Data Security Standard strongly recommends switching to these PIN-based cards because of Fort Knox-type security.

At the last Black Hat conference in Las Vegas, Karsten Nohl and hardware hacker Christopher Tarnovsky unlocked a heavily fortified chip card similar to those that support the EMV (Europay Mastercard and VISA) standard. Circuitry on the chip was microscopically analysed in conjunction with optical recognition software. A proprietary algorithm on the chip was uncovered allowing hackers to break or clone the card.

Degate, a publicly available tool developed to analyse small silicon structures, makes it possible for amateur hackers to dissect smart card chips. It is time for the banking industry to start looking for alternative security schemes.

Comments

Post a Comment

Popular posts from this blog

Want to test midlets on real phones?

Most mobile phone manufacturers offer emulators to help developers with software tests. Java and C++ programming environments usually provide plug-in facilities for emulators . Products such as Pulsar go a step further to integrate and maintain the entire development space. Although emulators catch a fair amount of design and runtime errors, software behaviour on real phones is unpredictable. For most developers it is not financially feasible to test the behaviour of their mobile applications on all target platforms. To get around this obstacle some companies offer on-line services that allow for application testing on real devices. These services are often expensive. In software provided by phone manufacturers multiple instances of the emulator are invoked to simulate the behaviour of federated handsets. One solution is to run an instance of the application on a PC and set up a local communication channel with a real phone. A neat, inexpensive and elegant solution is availab
Read more

Whose Shilling?

Image
Zimbabwe is Africa's Lazarus. The economy is in tatters, the citizenry of this great nation are despondent but Robert Gabriel Mugabe remains firmly in charge. For the time being. Many believe that only South Africa is in a position to determine the destiny of Zimbabwe. Yet President Thabo Mbeki, save for his quiet diplomacy, appears disinterested in employing enough downward pressure for Mr. Mugabe to repent his sins and thereby rid the Zimbabweans of their current economic woes. What exactly does Mr Mugabe have on Mbeki? In exile Mbeki lived, at different times, in the United Kingdom, Botswana and Zambia. He hardly was guest of the Mugabe's. On that score alone, Mbeki does not owe Robert a good turn. Of the two neighbours, Zimbabwe is most reliant on the other. Zimbabwe relies on South Africa's ports for her exports and imports. She draws electricity and routes her telecommunication traffic through her southern neighbour. South Africa is one of Zimbabwe's m
Read more

Free mobile-to-mobile calls

A mobile phone is a miniature telephone exchange. It accepts incoming calls, initiates outgoing calls and can act as a repeater by forwarding calls or as a switch through teleconferencing. These are the basic features of a telephone exchange. TerraNet , a Swedish firm, has exploited these features to facilitate free mobile-to-mobile calls. Using peer-to-peer technology, a cluster of mobile phones can communicate without the need to go through a base station (switch) provided they are within 1,000m of each other. This technology, being trialled in Ecuador and Tanzania, is perfect for developing countries where infrastructure is as limited as disposable income. Because mobile phones can forward calls, the effective communication distance can be extended from a 1 kilometer radius to about 20 kilometers. That is sufficient to cover most rural communities and, for example, university campuses. Like Skype , this is a subvertive, effective and disruptive technology. While manufacturers
Read more