Researchers Punch Huge Hole in European Payment Cards


Security researchers from the University of Cambridge have demonstrated a flaw in the chip-bearing payment cards widely used throughout Europe that could potentially let criminals use any PIN to confirm that a transaction is legitimate, completely bypassing the card’s safety technology. The attack requires detailed knowledge of how chip-and-PIN cards operate along with some external hardware: it executes a man-in-the-middle attack that fools point-of-sale terminals into believing they have received a valid PIN, regardless of the digits entered.

In the program, a researcher illustrated the attack at a cafeteria at the University of Cambridge: wearing a backpack with a laptop computer and a field-programmable gate array board, he inserted a fake card into a sales terminal while connected to real payment cards. The sales terminal accepted the transactions, even though the researcher entered a PIN of “0000” in each case. Although the attack does require knowledge and hardware, researchers describe the level of sophistication of the attack as low, and the relatively compact equipment is unlikely to be noticed by typical shop or sales staff. The attack doesn’t work at ATMs, but does work for most other online or offline payment card transactions.

“We have tested this attack against cards issued by most major UK banks,” said researcher Dr. Steven Murdoch, in a statement. “All have been found to be vulnerable.”

“We’ve shown that it’s easy to use a card without knowing the PIN—and the receipt will say the transaction was ‘verified by PIN’ even though it wasn’t,” said Professor Ross Anderson. “This is not just a failure of bank technology. It’s a failure of bank regulation. The ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks.”

The researchers informed the banking industry of the attack about two months ago, and they plan to publish their findings at the IEEE Symposium on Security and Privacy this May in California. Over 700 million chip-and-PIN cards are in use around the world, including in most European countries and parts of Canada. The cards are not used in the United States, although there has been some discussion of introducing them.
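
An issuer-side consistency check for the failure described in this article, added here as an example and not taken from the researchers or any bank: because a terminal can be led to believe a PIN was accepted regardless of the digits entered, its claim is compared with what the card itself recorded. It assumes the issuer receives both values with each authorization; every field name and sample record below is hypothetical.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Field names are hypothetical; real authorization messages carry this
# information in scheme-specific encodings.
@dataclass
class AuthRecord:
    txn_id: str
    terminal_id: str
    terminal_cvm: str                  # terminal's claim: "pin", "signature" or "none"
    card_pin_verified: Optional[bool]  # card's own record; None if the issuer cannot read it
    card_data_authentic: bool          # issuer verified the card's cryptogram over its data

def assess(rec: AuthRecord) -> str:
    """Compare the terminal's claim with what the card itself recorded."""
    if not rec.card_data_authentic:
        return "decline"   # card-side data cannot be trusted at all
    if rec.terminal_cvm != "pin":
        return "ok"        # no PIN claim to corroborate
    if rec.card_pin_verified is None:
        return "review"    # "verified by PIN" rests on the terminal's word alone
    return "ok" if rec.card_pin_verified else "alert"

def alerts_by_terminal(records) -> Counter:
    """Count mismatches per terminal so repeated hits at one location stand out."""
    return Counter(r.terminal_id for r in records if assess(r) == "alert")

# Constructed sample records, not real transaction data.
SAMPLE = [
    AuthRecord("t1", "POS-A", "pin", True, True),
    AuthRecord("t2", "POS-B", "pin", False, True),
    AuthRecord("t3", "POS-B", "pin", False, True),
    AuthRecord("t4", "POS-C", "signature", False, True),
    AuthRecord("t5", "POS-C", "pin", None, True),
    AuthRecord("t6", "POS-A", "pin", True, False),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.txn_id, r.terminal_id, assess(r))
    print(alerts_by_terminal(SAMPLE).most_common())
```

The "review" outcome matters as much as "alert": where the card's own record is unavailable, a receipt reading "verified by PIN" reflects only what the terminal believed.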
