Chip-and-pin is easily hacked, say security experts


Touted as a more secure alternative to the regular magnetic stripe and signature credit cards, security experts have found that chip-and-pin isn’t nearly as secure as many of us might have thought.

A major vulnerability in the widely used chip-and-pin system has been discovered that can make an ATM machine spit out cash.

Security experts revealed the vulnerability which allows hackers to attach a cash machine and completely empty its contents.

The hack involves cyber criminals cloning the chip of a bank card that helps to authorise payments.

Ethical hackers from cyber security firm Rapid 7 were then able to make the machine literally spit out cash.

The hackers demonstrated their findings at the Black Hat security conference which was held in Las Vegas earlier this week and comes at a time when many countries are already using chip-and-pin or as in Thailand’s case, are starting to incorporate chip-and-pin technology.

Chip and pin hack. Image BBC

Chip and pin hack. Image BBC

“The state of chip and pin security is that it’s a little oversold,” Tod Beardsley from Rapid 7 told the BBC.

While Tod and his team didn’t reveal the full details of the hack – in order to keep the information from criminals – he did explain how the hack works.

RELATED: How to spot an ATM skimmer so criminals don’t steal your money

The vulnerability is exposed if when hackers modify the card read on an ATM or point of sale machine, fitting it with a small device known as a shimmer. The shimmer records the details of the cards, including the PIN and send this information to hackers.

They then use this information to withdraw money.

“I don’t have to open it up. It’s really just a card that is capable of impersonating a chip. It’s not cloning,” said Tod.

Rapid 7 have said they informed all major ATM manufacturers and banking institutions of their findings in order to further examine the vulnerability.


Comments are closed.