iTnews
  • Home
  • News
  • Technology
  • Security

Chip and pin vulnerable to relay attack

By Clement James
Feb 8 2007 9:50AM
Follow google news

Tetris hackers strike again.

Chip and pin vulnerable to relay attack
The Cambridge University computer scientists who hacked a chip and Pin terminal to play Tetris are back with a new exploit.

Saar Drimer and Steven Murdoch claimed that the system is vulnerable to a new kind of fraud which involves "relaying" information from a genuine card.

Using this technique, a chip and Pin terminal in a remote location could be made to accept a counterfeit card.

During a test described on the duo's Light Blue Touchpaper website, a fraudster sets up a fake terminal in a busy shop or restaurant.

When a genuine customer inserts their card into this terminal, the fraudster's accomplice inserts their counterfeit card into the merchant's terminal in another shop.

The fake terminal reads details from the genuine card, and relays them to the counterfeit card so that it will be accepted.

The Pin is recorded by the fake terminal and sent to the accomplice for them to enter, at which point they can walk off with the goods.

The researchers claimed that foul play would only be detected when the victim receives their statement.

"There will be nothing unusual about this transaction from the bank's perspective as it will seem as if the real card was used, with a chip and the correct Pin," the researchers said.

"It should also work equally well via a mobile phone to the other side of the world."

Drimer and Murdoch conceded that it is unlikely that criminals are using techniques such as this, as there are less sophisticated attacks to which chip and Pin remains vulnerable.

However, the researchers warned that, as security is improved, the relay attack may become a significant type of fraud.


Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
andattackchippinsecuritytovulnerable

Related Articles

  • US gov shortens cyber fix window to three days US gov shortens cyber fix window to three days
  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
Join our WhatsApp Channel

Partner Content

CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies
Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing
You meet the security standard. Shame no one can see it
Promoted Content You meet the security standard. Shame no one can see it

Sponsored Whitepapers

When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.