ATM PINs vulnerable to cracking, Israeli researchers say
Everyone relies on their ATM cards pretty frequently -- after all, there's no better (or, often, more necessary) way to start your evening than with a $40 quickdraw from your favorite local money machine. Well, you may want to think twice (that is, if you're among the paranoid security-minded types) next time you whip out that thin piece of plastic. A group of researchers at Algorithmic Research (ARX), an Israeli security firm, published a paper two weeks ago describing a very serious flaw inherent in most ATMs. Apparently, between the time that you input your PIN and the time that the machine spits out your cash, a dataset containing your PIN and account number is encrypted and decrypted a few times while being routed along the banking network -- and somewhere along that point, it's conceivable that those numbers could be intercepted. MSNBC reports that while no attacks using this method have been detected, the US Secret Service is already on the case, and that while Visa and the American Bankers Association are acknowledging the problem, both are dismissing the hacking scenario as being unlikely. Still, we might consider busting out that money belt sometime soon, getting the USSS on the job means it could be big. [Warning: PDF link][Via MSNBC]
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 1)
its420 @ Dec 1st 2006 10:36PM
no photo tutorial?
John Doe @ Dec 2nd 2006 1:29AM
I use an ATM about once per month. By and large I use my check card for most transactions. So no big deal here. Actually there are really only two places that don't take plastic that I go to anymore. The movie theatre and some little cafe in the basement of the tower I work in.
Wonderboy @ Dec 2nd 2006 9:14AM
When you use your check card as debit your pin number and other info is also encrypted and sent over phone lines... so you're still susceptible.
If you're using your check card as credit, it's your card number and other info is sent... so either way you're just as vulnerable. The only true protection against this is to use cash. Not even paper checks, cause those are easily forged. Of course, cash is easily stolen with no possibility of insured refund...
I'm going back into my tin-foil lined bunker.
RijilV @ Dec 2nd 2006 3:02AM
"MSNBC reports"
Ah, the voice of the security world...
Seriously though, the 3des that ATMs use has been under fire for some time now, over a year ago researchers showed that with little more than $1,000 worth of FPGA you can break the 3DES in little more than a day.
Also, most ATMs run Micro$oft Windows, and who knows who goes there to install the security updates...
nick @ Dec 2nd 2006 8:42AM
Not really a concern.. But, just in case, that's why I have two personal accounts. One account for my ATM and spending cash.. and the other for my personal finances, etc.
(nicholas)
http://www.tingog.com
Fezmid @ Dec 2nd 2006 10:30AM
The real answer is to use credit cards, NOT debit cards. If someone steals that, who cares? The CC company is responsible for the losses, not you.
Why risk your own money when you can risk someone elses instead?
tras @ Dec 3rd 2006 2:15AM
That's the probelms with the banking system. They nickle and dime you for profit but do very little to make it more secure. Checks are outdated and can be easily printed with someone elses routing numbers. Debit cards have their own security issues as indicated in this article and if someone finds your pin you're liable for the loss. Their new cards that you just wave in front of a sensor to transmit the banking data can be stolen by someone with a hacked sensor in a dufflebag that bumps up against your wallet. As someone else has mentioned, it's probably best to use a credit card (as long as you pay it off monthly) since if it's stolen or falsely charged to, you have a better chance of getting your money back. The two accounts is a good idea too.
ATMSKIMMERS4SALE @ Mar 10th 2009 9:28AM
we are engineers we can build you any type of atm skimmer for any atm model you want we build them upon request if you want real atms
skimmers and tired of looking tired of getting ripped off them were the ones to trust stop looking on online forums for atm skimmer the
truth is you will never find a real seller that will delver your atm skimmer all you will find all over the net are rippers fakes that have
nothing to sell our service is the best you want real skimmers built then come to us and stop looking on online forums before you lose your
money to ripper email me
my email = atmskimmers4sale@gmail.com
ICQ: 375934225