|
|
|
|
|
|
by JoelB
5818 days ago
|
|
|
From my understanding of smart cards, I don't see how this is possible. Communication between the card and the reader is typically done using encryption with a Diffie-Hellman key exchange with a man-in-the-middle resistant protocol. You would need to attack whatever encryption algorithm is being used, which is non-trivial even with physical access. You would need to either perform differential power analysis attack or a timing attack or attack a weakness in the algorithm. Seeing as how one of the primary purposes of smart cards was to eliminate skimming and similar attacks, I can't fathom why any reader would ever be created that didn't support session encryption. Why use a chip if it's basically the same as a magnetic stripe? I'll plead ignorance on the workings of the European debit system as I'm Canadian and we're just getting smart cards now. Does anyone have a better source than the linked article? EDIT: Nevermind, apparently the security was broken a while ago: http://www.cl.cam.ac.uk/research/security/banking/nopin/oakl... |
|
|