How Smartcard Payment Systems Fail (Black Hat 2014)

By Ross Anderson

The USA is starting to introduce EMV, the Europay-Mastercard-Visa system for making payments using chip cards instead of the old mag strip variety. EMV is already in wide use in Europe, and has started to appear in countries from Canada to India.

In theory, smartcards should have reduced fraud by making bankcards much harder to copy and by enabling banks to authenticate users at the point of sale using PINs rather than signatures. The practice has been different. In Britain, for example, fraud first went up, then down, and is now headed upwards again. There have been many fascinating attacks, which I'll describe. The certification system wasn't fit for purpose, so terminals that were certified as tamper-resistant turned out not to be. We even saw Trojans inserted in the supply chain. A protocol flaw meant that a crook could use a stolen card without knowing the PIN; he could use a man-in-the-middle device to persuade the terminal that the card had accepted the PIN, while the card was told to do a signature-only transaction. Merchant refunds were not authenticated, so a crook could pretend to the bank that he was a merchant, and credit his card back after making a purchase.

The most recent series of attacks exploit the freshness mechanisms in the EMV protocol. To prevent transaction replay, the terminal generates an "unpredictable number" while the card supplies an "application transaction counter" or ATC that is supposed to increase monotonically and never repeat. Yet the unpredictable numbers often aren't (in many of the terminals we looked at, they seem to be just counters) while many banks don't bother to check the ATC, as writing code to deal with out-of-order offline transactions is too much bother. As a result, we've seen some interesting attacks where cardholders unlucky enough to shop at a dishonest merchant find themselves dunned for a lot of large transactions later. In fact these "preplay" attacks behave just like card cloning, and...
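An issuer-side check for the two freshness failures the abstract describes, as an added example (not from the talk or from any EMV implementation): it flags repeated or out-of-order ATCs per card, and terminals whose unpredictable numbers behave like counters. The record layout, function names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed authorisation records in arrival order (not real data):
# (card, terminal, ATC, unpredictable number treated as a 32-bit integer)
SAMPLE = [
    ("card-A", "term-1", 41, 0x00001A01),
    ("card-B", "term-1", 7,  0x00001A02),
    ("card-A", "term-2", 42, 0x9F3C11D4),
    ("card-B", "term-1", 8,  0x00001A03),
    ("card-A", "term-1", 44, 0x00001A04),
    ("card-A", "term-2", 43, 0x5B07E2A9),  # offline transaction arriving late
    ("card-B", "term-2", 8,  0x03D4C871),  # ATC already used by this card
    ("card-A", "term-2", 45, 0xE41F0036),
]

def check_atc(records):
    """Compare each ATC with those already seen for the same card.

    'repeat' means the counter value was used before (it must never repeat);
    'out-of-order' means an unseen value below the highest seen so far, which
    can be a late offline transaction and needs review rather than silence.
    """
    seen = defaultdict(set)
    findings = []
    for i, (card, _term, atc, _un) in enumerate(records):
        if atc in seen[card]:
            findings.append((i, card, atc, "repeat"))
        elif seen[card] and atc < max(seen[card]):
            findings.append((i, card, atc, "out-of-order"))
        seen[card].add(atc)
    return findings

def counter_like_terminals(records, min_samples=4, max_step=16):
    """Return terminals whose successive UNs always rise by a small step.

    min_samples and max_step are assumed thresholds for this example.
    """
    uns = defaultdict(list)
    for _card, term, _atc, un in records:
        uns[term].append(un)
    flagged = []
    for term, seq in uns.items():
        steps = [(b - a) % 2**32 for a, b in zip(seq, seq[1:])]
        if len(seq) >= min_samples and all(0 < s <= max_step for s in steps):
            flagged.append(term)
    return sorted(flagged)

if __name__ == "__main__":
    print(check_atc(SAMPLE))
    print(counter_like_terminals(SAMPLE))
```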
