Crack Chip And Pin

      Комментарии к записи Crack Chip And Pin отключены

Уважаемый гость, на данной странице Вам доступен материал по теме: Crack Chip And Pin. Скачивание возможно на компьютер и телефон через торрент, а также сервер загрузок по ссылке ниже. Рекомендуем также другие статьи из категории «Кряки».

Crack Chip And Pin.rar
Закачек 1836
Средняя скорость 7348 Kb/s

Crack Chip And Pin

Crime gangs have cracked the chip and pin system, leaving millions of British bank accounts at risk of being plundered.

The chip and pin system is being exposed

Banks and customers are powerless to pre-vent the thieves helping themselves to their cash, experts warned.

Thousands of accounts have already been hit by the crooks, who are stealing codes from card readers at shop checkouts.

Anyone who uses a chip and pin card to pay for their shopping is a potential target.

Gangs are hiding devices inside card readers to reveal customers’ pin numbers.

These are emailed across the world and used to clone a new card, which is then utilised to empty the victims’ bank accounts.

If people want to be sure fraudsters won’t get hold of their data they shouldn’t use their debit or credit cards

Andrew Goodwill, of fraud monitoring firm 3rd Man Group

The fake cards have been used as far afield as India, Pakistan, Canada and several African countries.

Andrew Goodwill, of fraud monitoring firm 3rd Man Group, said: “There is absolutely nothing anyone can do about it. The devices look no different to those that haven’t been tampered with.”

The scam was revealed yesterday after a police raid in Birmingham on Monday uncovered stolen chip and pin terminals, account numbers and counterfeit magnetic stripe cards.

The Dedicated Cheque and Plastic Crime Unit, which uncovered the fraud, warned: “It should be noted that the criminals have overcome the security features of several different manufacturers.”

Officers investigating the highly organised gang with international links have already uncovered at least 100 compromised machines.

Mr Goodwill added: “If people want to be sure fraudsters won’t get hold of their data they shouldn’t use their debit or credit cards.”

The security breach has been an open secret in the industry but operating chiefs have tried to keep it quiet to avoid spreading panic.

Sandra Quinn, of the payments association Apacs, said yesterday: “They steal readers from retailers, cracking them open, and try to recreate one and then put it back in a shop.

“We have been aware that this has been going on because police have been getting reports that terminals are being stolen.”

Shop owners said the scam could see a return to cash. The Federation of Small Businesses said: “Plastic is very popular but now we could see a return in the popularity of cash, which has been in decline.”

When chip and pin was made compulsory in 2006, the industry said it would slash credit card fraud.

The Financial Ombudsman Service receives around 100 cases a month about disputed withdrawals.

The British Retail Consortium said last night: “UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures.”

The chip-and-PIN ATM card technology is not really new anymore as it has been in use in the UK since 2003 and recently the US has been adopting it. It has many advantages over the older magnetic stripe such as it being more secure and it’s not damaged by magnetic fields. Hackers are always out and about trying to crack security systems but it’s easier said than done hence it has been in use since a long time and only now and it has been compromised as well and now they can hack the system and steal your cash. It’s not as easy as on a magnetic stripe card but it’s still very much possible with the right technique and tools. So far theoretically it was impossible because the security protocols encrypted data much more securely as compared to a magnetic stripe card which holds all the data on the magnetic stripe on the back of the card.

US adopted this new system because it would improve the security for the customers, merchants and financial institutions. This is true, but the problem is that when the market pushes in one direction, in this case the adoption of the chip-and-PIN technology, crooks exploit to ways to compromise it.

A new “shimmer” was found, that can be inserted directly in the mouth of the ATM card receptacle, between the chip of the user’s card and the chip reader in the ATM, making possible to record the data from the card while the ATM is reading it. It is fast as it works on dip readers as well (the kind of card reader that requires you to briefly insert your card and then quickly remove it) The device is inserted from the outside of the ATM and no access is required to the ATM internals. Together with a hidden camera and/or a fake PIN keyboard, this can be a deadly combo to steal money.

Using X-Ray scan and other microscopic scans, the researchers figured out that the criminals actually inserted a second chip onto stolen chip-and-PIN cards, enabling them to duplicate the PIN verification on many registers’ point-of-sale (POS) terminal.

The fake chip, known as a FUNcard, enabled the thieves to carry out a Man In The Middle attack, which involves intercepting communications on the point-of-sale (POS) terminal. When a shopper inserts his or her card into a POS terminal, the terminal automatically tries to verify its authenticity. In this case, the FUNcard is waiting with its own, fake “Yes” signal when the authenticity check arrived.The attacker intercepts the PIN query and replies that it’s correct, whatever the code is.

Until 2011, the concept of spoofing the PIN on a chip-and-PIN card was largely theoretical. A group of Cambridge University researchers discovered similar flaws, but this crime ring appears to have been the first time the trick has been practically implemented. Malicious software used on ATMs in Russia and Europe has also broken through chip-and-PIN safeguards, allowing thieves to drain ATMs of cash in at least one case as reported by several news outlets.

We think this was coming, as we mentioned earlier than any man-made technology has the risk of being reverse-engineered, manipulated or hacked in some way sooner or later. We hope that the companies responsible for ATM security protocols devise better safeguards and close any loopholes to avoid huge monetary losses in the future.

It is also pertinent to mention here that this new technology is now also being introduced in the Pakistani market. Banks like UBL, HBL and Faysal Bank are now offering these new chip based cards. However chip-and-PIN technology might totally not be implemented in its true form because the banks have still not implemented the PIN codes and customers still have to manually sign their receipts. The Government is considering a regulation to enforce banks to move from magnetic stripe to Chip-and-PIN within 3 years however this might get delayed as we don’t have any data for ATM fraud yet because no bank publishes it as well as the fact that Chip-and-PIN cards are more expensive than the current magnetic stripe ones. Even though this newer technology has been compromised we feel that it should be definitely implemented in Pakistan soon.

A Cambridge University researcher has published software and hardware details of a device that can be used to fool the encryption used in credit card chip-and-PIN transactions

By Tom Espiner | October 25, 2010 — 16:08 GMT (09:08 PDT) | Topic: Security

Software to crack the encryption used by credit card chip-and-PIN readers has been publicly released on the web.

Cambridge University research student Omar Choudary open-sourced and published the code on Wednesday, along with technical details of hardware used in the Smart Card Detective, a device he built and used to modify a transaction between a credit card and a reader.

«The device can modify communications between a credit card and a terminal,» Choudary told ZDNet UK. «It looks at the commands between the terminal and the card, sees the PIN requested and replaces the PIN.»

Using the Smart Card Detective, Choudary said he was able to carry out a card transaction without a valid PIN. Instead, he successfully modified the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation.

Choudary built the device to provide a practical demonstration of Cambridge University research, including a crack of chip and PIN published in February. While the earlier researchers constructed a device to demonstrate their method, they did not publish the software they used or details of circuit boards.

«I would like this as an open framework for research to investigate how the protocol works, and to secure what’s remaining,» said Choudary.

As the hardware plans and software are now available publicly, they could be used by criminals to commit card fraud. Choudary responded to a question about this risk by saying that full disclosure of the details was necessary to get banks to tighten up the security of chip and PIN.

«We told banks about this nine months ago — there’s no point in hiding it,» he said. «The banks already know about the device, and the idea is that this gets fixed.»

Choudary said that he had successfully tested the device in an HMV store in Cambridge. «At the beginning, that shop was not aware [that the transaction was invalid],» he said. «They didn’t detect anything.»

HMV only became aware of the faked transaction when Choudary alerted it to the test, he added.

The UK Payments Association, which represents the interests of payment cards companies, said that an attack using the device would be unlikely to be carried out by anyone other than researchers.

«Such a public disclosure [of hardware and software]. does help to increase the criminals’ knowledge base, so is not ideal. But we still believe that it is unlikely that criminals will be motivated to undertake an attack such as this,» said the association’s spokesman Mark Bowerman.

Criminals need to get hold of a physical card to perpetrate the attack, Bowerman noted. Once they have one, they would be more likely to use it for fraud where a physical card is not needed, such as online fraud, rather than use a device to fool a card reader, he said.

«Essentially this is a difficult and complex fraud to carry off, and we have seen no evidence of criminals attempting it in the real world,» he said. «It is a complex fraud, it doesn’t work if the victim has reported their card lost or stolen, [and] it is technically possible for card issuers to detect such an attack in the live environment.»


Статьи по теме