
German Card PINs Exposed Through Vulnerable Magnetic Stripe Terminal

Liviu ARSENE

July 16, 2012


Card data and PIN numbers might be at risk when using Germany's Hypercom Artema Hybrid card terminal. A critical security hole can easily be exploited over a TCP/IP connection by means of a buffer overflow attack that gives the attacker control of the device.

Without requiring hardware tampering, the security hole circumvents the Hardware Security Module, as demonstrated by Thomas Roth from Berlin-based Security Research Labs. Victims are unaware of the fraud, making the vulnerability all the more interesting as attackers can work their way to subsidiaries after hotels or supermarkets are compromised.

Attackers can log PIN numbers as customers swipe the magnetic stripe, leaving no trace of their activity as the payment transaction is issued. The vulnerability was reported to manufacturer VeriFone, which said it had trouble reproducing the hole “during a payment transaction.”

Because all German cards contain an anti-counterfeiting measure known as “machine-readable modulated,” duplicating and using them within the country is impossible.

The German banking industry association said duplicate cards with magnetic stripes cannot be used at cash points around the country but stolen data can be used abroad to cash out bank accounts.

Although both the manufacturer and the German banking industry association promised a timely fix, SRLabs CEO Karsten Nohl found that the processor’s Joint Test Action Group (JTAG) debug interface is also vulnerable.
