«
Expand/Collapse
20 items tagged "pin"
Related tags:
security [+],
hacks [+],
chip and [+],
chip and pin [+],
chip [+],
pin headers [+],
hackaday [+],
steven j. murdoch tags [+],
pin security [+],
pin header [+],
microcontrollers [+],
links [+],
dual row [+],
chaos communication congress [+],
card [+],
windfall [+],
wii [+],
weakness [+],
wallet [+],
uwe [+],
usa [+],
unspoken rules [+],
transportation [+],
touch interface [+],
tool [+],
tags hardware [+],
system [+],
surpress [+],
strength [+],
source [+],
solder [+],
smart card payments [+],
smart card payment [+],
shift registers [+],
shift [+],
security flaw [+],
sd card slot [+],
rpm [+],
robots [+],
read [+],
pressure sensors [+],
pin system [+],
pin numbers [+],
pin code [+],
phillip torrone [+],
passwords [+],
parallel input [+],
other security threats [+],
open source projects [+],
nintendo wii [+],
nintendo [+],
microcontroller [+],
machine [+],
mac [+],
leap [+],
keypads [+],
john [+],
iphone [+],
input side [+],
industry groups [+],
industry [+],
indicator [+],
header [+],
hardware hacking [+],
gps [+],
google [+],
exposed [+],
europe [+],
encryption features [+],
emv [+],
easily [+],
dip [+],
digit pin [+],
digit code [+],
digit [+],
definitely [+],
daniele [+],
counterfeit cards [+],
computer [+],
clock pins [+],
card payment systems [+],
car computer [+],
car [+],
canada [+],
cambridge [+],
busted [+],
broken [+],
breadboard [+],
ben [+],
bbc report [+],
banks [+],
auction [+],
attempt [+],
apple [+],
andrea barisani [+],
a. but [+],
HackIt [+]
-
-
7:01
»
Hack a Day
[JJ] picked up a Garmin Nuvi 780 GPS from an auction recently. One of the more frustrating features [JJ] ran into is it’s PIN code; this GPS can’t be unlocked unless a four-digit code is entered, or it’s taken to a ‘safe location’. Not wanting to let his auction windfall go to waste, [JJ] rigged [...]
-
-
14:01
»
Hack a Day
Another way to break out dual pin headers [Uwe] wrote in to share his technique for breaking out dual pin headers. He uses two single pin headers, a piece of protoboard, and a dual row pin socket to make an adapter. This is removable where the other method we saw this week was not. Web-based [...]
-
-
15:01
»
Hack a Day
[John] wrote in with a solution to a prototyping issue that has vexed us for quite some time. Above you can see the DIP friendly solution for dual-row pin headers which he came up with. With just a bit of easy soldering he now has a breadboard friendly device for prototyping. He starts by soldering [...]
-
-
14:01
»
Hack a Day
If we wanted to take a look at the statistics behind 4-digit pin numbers how could we do such a thing? After all, it’s not like people are just going to tell you the code they like to use. It turns out the databases of leaked passwords that have been floating around the Internet are [...]
-
-
21:55
»
SecDocs
Authors:
Steven J. Murdoch Tags:
bank smart card Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: PIN entry devices (PED) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores world-wide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics.
-
-
21:40
»
SecDocs
Authors:
Steven J. Murdoch Tags:
bank smart card Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the issuing bank that no PIN was entered at all. The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund, asserting that a card cannot be used without the correct PIN, and concluding that the customer must be grossly negligent or lying. Our attack can explain a number of these cases, and exposes the need for further research to bridge the gap between the theoretical and practical security of bank payment systems. Smart cards have gradually replaced magnetic strip cards for point-of-sale and ATM transactions in many countries. The leading system, EMV (named after Europay, MasterCard, and Visa), has been deployed throughout most of Europe, and is currently being rolled out in Canada. As of early 2008, there were over 730 million EMV compliant smart cards in circulation worldwide. In EMV, customers authorize a credit or debit card transaction by inserting their card and entering a PIN into a point-of-sale terminal; the PIN is typically verified by the smart card chip, which is in turn authenticated to the terminal by a digital certificate. The transaction details are also authenticated by a cryptographic message authentication code (MAC), using a symmetric key shared between the payment card and the bank that issued the card to the customer (the issuer). EMV was heavily promoted under the “Chip and PIN” brand during its national rollout in the UK. The technology was advertised as a solution to increasing card fraud: a chip to prevent card counterfeiting, and a PIN to prevent abuse of stolen cards. Since its introduction in the UK the fraud landscape has changed significantly: lost and stolen card fraud is down, and counterfeit card fraud experienced a two year lull. But no type of fraud has been eliminated, and the overall fraud levels have actually risen (see Figure 1). The likely explanation for this is that EMV has simply moved fraud, not eliminated it. One goal of EMV was to externalise the costs of dispute from the issuing bank, in that if a disputed transaction has been authorised by a manuscript signature, it would be charged to the merchant, while if it had been authorised by a PIN then it would be charged to the customer. The net effect is that the banking industry, which was responsible for the design of the system, carries less liability for the fraud. The industry describes this as a ‘liability shift’. In the past few years, the UK media have reported numerous cases where cardholders’ complaints have been rejected by their bank and by government-approved mediators such as the Financial Ombudsman Service, using stock excuses such as ‘Your card was CHIP read and a PIN was used so you must have been negligent.’ Interestingly, an increasing number of complaints from believable witnesses indicate that their EMV cards were fraudulently used shortly after being stolen, despite there having been no possibility that the thief could have learned the PIN. In this paper, we describe a potential explanation. We have demonstrated how criminals can use stolen “Chip and PIN” (EMV) smart cards without knowing the PIN. Since “verified by PIN” – the essence of the system – does not work, we declare the Chip and PIN system to be broken.
-
-
7:01
»
Hack a Day
Solder Your Pin headers Straight If you’re worried about how to solder your pin headers straight, why not try this simple trick and put them into a breadboard before soldering? Etiquette for Open Source Projects If you use or develop open source projects, it’s worth checking out [Phillip Torrone]‘s Unspoken rules of Open Source article. [...]
-
-
11:01
»
Hack a Day
Here’s an interesting article about reading data from shift registers using less than three pins. 74HC165 shift registers are a popular choice for adding inputs to a microcontroller. They have a parallel input register which can be read using the latch, then shifted into a microcontroller via the data and clock pins. For those counting, [...]
-
-
7:39
»
Hack a Day
[Ammon Allgaier] built a tool that can break apart pin headers with a high level of precision. In the video after the break he demonstrates the built-in features. They include an adjustable stop to select the number of pins you’d like in each chopped segment. There’s also a small groove in the input side which [...]
-
-
4:58
»
Hack a Day
[DeadlyFoez] wanted to know when the SD card in his Nintendo Wii was in use. He built and indicator LED using a PICAXE 08M and added it next to the SD slot. He uses one pin of the microcontroller to monitor the voltage on one pin of the SD card slot. That pin has a [...]
-
-
13:00
»
Hack a Day
[Ben's] added some nice goodies to his Volvo in the form of an in-dash computer. The system monitors two pressure sensors for boost and vacuum, as well as reading RPM, O2, and exhaust directly. All of this is tied into the touch interface running on an eeePC 900A. But our favorite feature is that the [...]
-
-
9:56
»
Hack a Day
Another exploit has been found in the Chip and PIN system. The exploit is a man-in-the middle attack that wouldn’t take too much know-how to pull off. You can watch the BBC report on the issue or check out the paper (PDF) published by the team that found the vulnerability. A stolen card resides in [...]
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Packet Storm Security Headlines (20 unread)
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution