Arcturus banner

Arcturus banner

Wednesday, 12 January 2011

Banks Bash Cambridge Boffins over Chip & PIN Security Leak

Banks have been up in arms, and the UK Cards Association (UKCA) has written a letter of complaint, demanding that Cambridge University acts to withdraw from the internet a research paper by one of its students purporting to show how to defraud the Chip and PIN security system.

Student Omar Choudary of Darwin College caused a rumpus when he published his Advanced Computer Science Mphil research into authentication and mobile security on his own website, including information on how a simple device, called the Smartcard Detective,  could be manufactured for around for £20,  and used by fraudsters to make purchases without entering a PIN.

The UK was the first country in the world to roll out Chip & PIN technology, and  since it became mandatory there in 2006, there has been a dramatic reduction in card fraud.  The technology uses a magnetic strip to hold some financial details on the card account, but, as the PIN number is not stored there, it is hard for skimmers and other fraudsters to extract sufficient information to hack into a card account protected by this system.

Inevitably, both academics and hackers have been looking for chinks in the armour of the Chip & PIN system ever since its introduction. There have been some consumer reports of stolen cards and PIN numbers being used illegally, a claim strenuously denied by the banks and card issuers.
Melanie Johnson,  a former Labour MP and chair of the UKCA, the leading trade association for the cards industry in the UK, complained that the website ‘ oversteps the boundaries of what constitutes reasonable disclosure’ by providing too much detail on how Chip-and-PIN security could be breached.

Her letter, viewable via Mr Choudary’s website, casts doubt on the ability of his Smartcard Detective to defraud Chip & PIN security, and criticises the publication of the information for encouraging ‘nuisance attacks’ on the payment card system.  According to her letter, the police claim that Mr Choudary went so far as to falsify a card transaction in a Cambridge shop without first informing the merchant of his intentions.

In response to this,  Ross Anderson,  Professor of  Security Engineering at Cambridge University’s Computer Laboratory, has accused UKCA of  attempting to gag academics and prevent them from exposing weaknesses in card security systems.

.

1 comment:

  1. A group of people that will help with your problems and give you information that will help your life and you will able to do things freely being afraid that someone will question your actions contact them via email Premiumhackservices@gmail.com
    Text/call-+17078685071

    ReplyDelete