Chip and No PIN – simple failure of protocol when verifying PIN.

We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN.

This is an epic fail on the part of the designers of the specification. No doubt people will say “the spec is fine, it’s the implementation”. You shouldn’t have given free reign into how it was implemented in that case.

Leave a Reply

Your email will not be published. Name and Email fields are required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.