
Chip-and-PIN technology has been compromised


A new report published by the popular investigator Brian Krebs shows how cyber criminals have compromised chip-and-PIN technology.

Recently chip-and-PIN technology started to be adopted in the US because it would improve security for customers, merchants and financial institutions. This is true, but the problem is that when the market pushes in one direction, in this case the adoption of chip-and-PIN technology, crooks look for ways to compromise it.

A new “shimmer” was found in Mexico. The name “shimmer” refers to a shim that sits between the chip on the user’s card and the chip reader in the ATM, making it possible to record the data from the card while the ATM is reading it.

This new “shimmer” was exposed by Brian Krebs on his blog. The popular expert explains that no special access is required to add the hack component to the ATM, because the component is added from outside.


The component that you can see was found inside a Diebold Opteva 520 with dip reader (a dip reader is a type of card reader that requires you to insert your card and remove it quickly).

These “traps” are becoming more common, and that means that the crooks need physical access to the ATM.

The new generation of traps comes equipped with a GSM module to send encrypted card data back to the crooks. Spy cameras are also installed above the ATM keyboards, along with, of course, a fake numerical keyboard installed by the criminals.

Other new ways of exploiting chip-and-PIN technology used by crooks include:

  • Using SMS to get money from ATMs using malicious code.
  • In restaurants, using an electronic soldering tool and a phone SIM card in place of the card chip.

The findings of Krebs’s report demonstrate that it is wrong to assume that you are safe just because you use chip-and-PIN technology.

In addition, banks need to take a more aggressive posture when dealing with card fraud and keep in mind that crooks are always working to take advantage of a new technology.

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics and ethical hacking. He has previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also runs his own blog: http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs – card fraud, Chip-and-PIN technology)