First published: 31st January 2007
UK researchers Saar Drimer and Steven Murdoch have modified a supposedly tamper-proof Chip and PIN terminal to play the Tetris game. Saar Drimer highlighted the threat, “It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.”
The Association for Payment Clearing Services has confirmed the vulnerability, saying, “People could, in theory, use this to steal account details from cards”.