RE: Shell suspends chip and pin after £1m fraud

David Biggins ukcrypto at chiark.greenend.org.uk
Tue, 9 May 2006 11:00:39 +0100


Looks like they successfully tampered with the "tamper-proof" terminals: 

http://publicservices.pipex.com/Pipex/News/Story_Page/0,13319,5337_1206517,00.html

Interesting that such a breach of a core aspect of the system's security can occur and yet APACS remain confident that it is not a systemic issue.

Dave.

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk 
> [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Ian Brown
> Sent: 08 May 2006 08:46
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Shell suspends chip and pin after £1m fraud
> 
> Peter Tomlinson wrote:
> > The PIN is encrypted in the keypad. So do the reports say how it has
> > been recovered?
> 
> I guess by getting access to the PIN before it enters the real keypad!
> (Or, for example as Ross Anderson hypothesised several years ago, using
> a motion sensor under the keypad. Or training a camera on the pad. Or
> no doubt many other attacks.)
> 
>