News

Researchers warn that emv chip for banking transactions is not secure

By admin
Spread the love

Cambridge University researchers have found a way to crack an emv chip. This would enable malicious parties to clone debit cards, which banks cannot distinguish from the real ones in the current situation.

The researchers published their findings in a paper on Monday, examining the EMV protocol. They write in their report that the emv chip is anything but safe and that practical research has shown this. This means that the chip, which was specifically introduced by the banks to prevent the copying of debit cards, cannot prevent someone from cloning a debit card.

With their research, the scientists uncover two ‘serious’ problems with the chip, which they say they both encountered in practice. The first problem relates to the authentication code, which the card generates for a transaction when someone inserts it into a terminal. That code should be completely random, so that malicious parties cannot generate the number in advance. However, due to a poor implementation of this function, no random figures are generated at all, according to the researchers after practical research.

Secondly, the research shows that both the payment terminal and the communication to the bank can be manipulated, with all the associated consequences. A malicious person, such as a programmer or a store owner, can make the payment terminal generate a number in future transactions by exploiting the poor implementation of the random function, tampering with the faulty code generator or changing the authentication code that is sent to the bank. Then, by adjusting the payment terminal, he can gain access to the bank card and thus request the authentication codes of the card. Finally, he loads it into a cloned card and can withdraw money with the same, manipulated payment terminal. “Because the codes of the cloned card match those of the ‘real’ card, the bank cannot distinguish between the two.”

The researchers are shocked by their findings and are therefore certainly not tender in their conclusion. “The emv protocol is the most widely used protocol for debit card payments worldwide. In Europe the protocol is almost universal, in Asia the banks are starting to use it and in North America it is in its infancy. The protocol has been in existence for ten years. circulation and more than a billion bank cards are equipped with it Only now are academics, journalists and the industry itself starting to scrutinize EMV. Time and again customers complained about fraud and were told by the banks that EMV is safe, that the customers were wrong or lied. And time and again the banks turned out to be wrong.”

According to the scientists, the banks may have denied the EMV problem or thought it was difficult to carry out an attack, because it requires access to physical bank cards and the possibility to modify the software on ATMs. Future protocols should be tested analytically in the future, they believe. “Meanwhile, systematic risks are facilitated by a structural managerial failure.”

You might also like
News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Rumor: Meta wants to release open source language model LLaMA as a paid product

News

Amazon goes to the EU Court for stricter supervision under the Digital Services Act

News

Chinese researchers brute force fingerprint scanner Android smartphones

News

‘Meta in talks to collaborate with augmented reality company Magic Leap’

News

Researchers show AI tool that can manipulate images with two mouse clicks

Exit mobile version