Comments on: Cards are OK, but is Chip & PIN OK ?

By: marcelo rodrigues

marcelo rodrigues — Mon, 30 Jul 2007 02:51:31 +0000

I guess if some expert programm a javaCard and install an EMV Fake Applet on it which could have been stolen from a “real” card (SDA), this migth work.
So card skimming should not be so difficult as they say, I mean, you only need a smart reader and some java cards.

By: Eric VÃ©tillard

Eric VÃ©tillard — Fri, 02 Mar 2007 10:07:32 +0000

Just like you, I don’t believe that the attack is feasible exactly as it is presented. However, it is nevertheless interesting for at least two reasons.

First, banking terminals can be fake, and this opens many other attacks. Then, card-like payment is being deployed in many new ways, like contactless payment and mobile payment, and similar may be easier in such settings.

More generally about the Cambridge guys, they are indeed publicity-hungry geeks. They may not be the best security researchers either, but their cheap stunts are useful to remind us about security.

By: Nigel Beatty

Nigel Beatty — Fri, 02 Mar 2007 08:53:42 +0000

Why describe this as a “nice” attack? It’s complete nonsense and nothing remotely like it would ever have a chance of performing a fraud in the real world. Those so-called researchers at Cambridge are just publicity-hungry geeks who should spend their research budgets on something of benefit instead of cheap stunts like this.