We present an attack on hardware security modules used by retail banks for the secure storage and verification of customer PINs in ATM (cash machine) infrastructures. By using adaptive decimalisation tables and guesses, the maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to determine a four digit PIN using this technique, instead of the 5000 guesses intended. In a single 30 minute lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method. With a $300 withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million and a single motivated attacker could withdraw $30–50 thousand of this each day. This attack thus presents a serious threat to bank security.
http://cryptome.org/pacc.htm
Thursday, February 20, 2003