Researchers Punch Huge Hole in European Payment Cards

Cambridge payment card attack gate array board

Security researchers from the University of Cambridge have demonstrated a flaw in chip-bearing payment cards widely used throughout Europe that could let criminals use any PIN code to confirm a transaction as legitimate, completely bypassing the card’s safety technology. The attack requires detailed knowledge of how chip-and-PIN cards operate, along with some external hardware: it executes a man-in-the-middle attack that fools point-of-sale terminals into believing they have received a valid PIN, regardless of the digits entered.

In the program, a researcher illustrated the attack at a cafeteria at the University of Cambridge: wearing a backpack with a laptop computer and a field-programmable gate array board, he inserted a fake card into a sales terminal while connected to real payment cards. In each case, the sales terminal accepted the transaction, even though the researcher entered a PIN of “0000.” Although the attack does require knowledge and hardware, researchers describe the level of sophistication of the attack as low, and the relatively compact equipment is unlikely to be noticed by typical shop or sales staff. The attack doesn’t work at ATMs, but does work for most other online or offline payment card transactions.

“We have tested this attack against cards issued by most major UK banks,” said researcher Dr. Steven Murdoch, in a statement. “All have been found to be vulnerable.”

“We’ve shown that it’s easy to use a card without knowing the PIN—and the receipt will say the transaction was ‘verified by PIN’ even though it wasn’t,” said Professor Ross Anderson. “This is not just a failure of bank technology. It’s a failure of bank regulation. The ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks.”

The researchers informed the banking industry about the attack about two months ago and plan to publish their findings at the IEEE Symposium on Security and Privacy this May in California. Over 700 million chip-and-PIN cards are in use around the world, including in most European countries and parts of Canada. The cards are not used in the United States, although there has been some discussion of introducing them.

Cambridge man-in-the-middle payment card attack
