ICC / smartcard
S. J. Murdoch, S. Drimer, R. Anderson, M. Bond, "Chip and PIN
is Broken" - University of Cambridge
the terminal talks to the card via APDU messages for reading
records and issuing commands
Examples:
00A404000E315041592E5359532E4444463031 <- Select '1PAY.SYS.DDF01'
0020008008246666FFFFFFFFFF <- Verify PIN ('6666')
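The two APDUs above, decoded field by field, as an added example that is not from the original slides. It assumes short-form Lc/Le only, and the function names are illustrative.

```python
# Added example: decoder for short-form ISO 7816-4 command APDUs.
INS_NAMES = {0xA4: "SELECT", 0x20: "VERIFY"}

def parse_apdu(hex_str):
    """Split a command APDU into header, data field and optional Le."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                 # case 2: Le only
        le = body[0]
    elif body:                         # case 3/4: Lc, data, optional Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data field length")
        le = rest[0] if rest else None
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def plaintext_pin(block):
    """Decode the 8-byte plaintext PIN block: nibble 2, length N, digits, F padding."""
    nibbles = block.hex().upper()
    if len(nibbles) != 16 or nibbles[0] != "2":
        raise ValueError("not a plaintext PIN block")
    n = int(nibbles[1], 16)
    pin, pad = nibbles[2:2 + n], nibbles[2 + n:]
    if not 4 <= n <= 12 or not pin.isdigit() or set(pad) - {"F"}:
        raise ValueError("malformed PIN block")
    return pin

def describe(hex_str):
    a = parse_apdu(hex_str)
    name = INS_NAMES.get(a["ins"], "INS %02X" % a["ins"])
    if a["ins"] == 0xA4 and a["p1"] == 0x04:       # P1=04: select by DF name
        return "%s '%s'" % (name, a["data"].decode("ascii", "replace"))
    if a["ins"] == 0x20 and a["p2"] == 0x80:       # P2=80: PIN sent in the clear
        return "%s plaintext PIN '%s'" % (name, plaintext_pin(a["data"]))
    if a["ins"] == 0x20 and a["p2"] == 0x88:       # P2=88: PIN enciphered for the card
        return name + " enciphered PIN"
    return name

if __name__ == "__main__":
    for apdu in ("00A404000E315041592E5359532E4444463031",   # from the slide
                 "0020008008246666FFFFFFFFFF"):              # from the slide
        print(apdu, "<-", describe(apdu))
```

The P2 byte of VERIFY is what tells a reviewer of a terminal trace whether the PIN crossed the card interface in the clear (0x80) or enciphered (0x88).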
if you think that the amount of websites that do not check the
security code is negligible...think again
SDA cards can be cloned and used without PIN for offline
transactions only ("Yes" card)
does state of the art EMV usage really protect against PIN
harvesting and therefore the use of stolen cards?
Copyright 2011 Inverse Path S.r.l. Chip & PIN is definitely broken - v1.4
Cardholder verification
stealing an EMV chip & pin card that was previously skimmed
enables full usage and raises serious liability considerations
Vendor Response
EMVCo announced that the hole will not be fixed saying that
"when the full payment process is taken into account, suitable
countermeasures are available"