Tamper Resistant Point of Sale Machine Isn’t

When I see something labeled tamper-resistant or even tamper-proof, I don’t assume it is secure; I just think that it is a little more difficult to break into than something that isn’t tamper-resistant. Three researchers at the University of Cambridge have figured out that PIN entry keypads used for Chip+PIN transactions in the UK are anything but tamper-resistant. They have published a paper to show just how easy it is to break them open and record customer data as customers swipe their cards and enter their PIN numbers. I applaud their effort, but all they had to do was look at what happened to Stop & Shop Supermarkets a few short months ago.

Here is some advice which you can use, at least here in the US: don’t trust those card swipe and PIN entry machines at the checkout counter. Most debit cards from US banks will also work as a VISA or MasterCard. If you’re at WalMart and you whip out the ATM card and the machine asks you for your PIN, hit cancel. If the checkout lady at the supermarket asks “Debit or Credit”, always, always say credit. If that little machine at the checkout stand is secretly recording your card number, at least you won’t also be giving it your PIN and complete access to your checking account. While this won’t stop fraud, it will make the bad guys work a little harder. Hard enough, perhaps, that they skip your card and go to the next one. Not to mention that VISA and MasterCard probably offer a bit more fraud protection than your local bank.
 



This entry was posted in Commentary, Current Events, Snake Oil by Space Rogue.

About Space Rogue

Space Rogue is widely sought after by journalists and industry analysts for his unique views and perceptions of the information security industry. He has been called to testify before the Senate Committee on Governmental Affairs and has been quoted in numerous magazine and newspaper articles as well as appeared on such TV shows as News Hour with Jim Lehrer, CNN Nightly News, ABC News Online with Sam Donaldson, and others. A recognized name within the industry, Space Rogue has written articles that are often quoted or referred to by other major media outlets. He has spoken before numerous audiences including the Digital Messaging Association, Defcon, Pumpcon, HOPE, H2K, and others. As a former member of L0pht Heavy Industries, Space Rogue ran the widely popular Hacker News Network, which quickly became a major resource on the Internet for daily information security news. Before HNN he ran The Whacked Mac Archives, which at the time was the largest and the most popular Macintosh security site on the net. Currently Space Rogue does consulting for various companies.

2 thoughts on “Tamper Resistant Point of Sale Machine Isn’t”

  1. Wow!!! Now this is interesting… so those little machines can access accounts… well, if I could hack those then I’d have access to people’s accounts, heeheehee… from now on I’ll buy things cash!!! On a side note, I went to the ATM today and as I was waiting for my turn, I peered over the other unused machine and I noticed that it was booting… from my view I saw how much RAM the machine had and then it booted into Windows XP!!! I continued to watch and it went to a window to run the program but the name was too small for me to see… looks like a lot of banks here run Windows… bad choice as there are so many trojans and viri just built for Windows… well, they snooze they lose hey :-P

  2. Pingback: SPACE ROGUE » More POS Hacks Grab CC Numbers
