README
blackhat_df-whitepaper.pdf
blackhat_df-whitepaper.txt
emv_2011.pdf
emv_2014.pdf

README

Authors: Andrea Barisani <andrea@inversepath.com>  (2011, 2014)
         Daniele Bianco <daniele@inversepath.com>  (2011, 2014)
         Adam Laurie       <adam@aperturelabs.com> (2011)
         Zac Franken        <zac@aperturelabs.com> (2011)

Title:              Chip & PIN is definitely broken
First presentation: March 2011 - CanSecWest

Title:              Practical EMV PIN interception and fraud detection
First presentation: December 2014 - 31C3

Video: https://www.youtube.com/watch?v=_Ai-3NG2UVA

- Abstract (2011) -------------------------------------------------------------

The EMV global standard for electronic payments is widely used for
inter-operation between chip equipped credit/debit cards, Point of Sales
devices and ATMs.

Following the trail of the serious vulnerabilities published by Murdoch and
Drimer's team at Cambridge University regarding the usage of stolen cards, we
explore the feasibility of skimming and cloning in the context of POS usage.

We will analyze in detail EMV flaws in PIN protection and illustrate skimming
prototypes that can be covertly used to harvest credit card information as well
as PIN numbers regardless of the type/configuration of the card.

The attacks are believed to be unreleased so far to the public (which however
does not mean fraudsters are not exploiting them) and are effective in bypassing
existing protections and modes of operation.

As usual, cool gear and videos are going to be featured in order to maximize the
presentation.

- Abstract (2014) -------------------------------------------------------------

The EMV global standard for electronic payments is widely used for
inter-operation between chip equipped credit/debit cards, Point of Sales
devices and ATMs.

In 2011, our "Chip & PIN is definitely broken" presentation uncovered an EMV
design flaw that, by means of chip skimmers, allows for arbitrary PIN
harvesting.

Since then, by consulting on EMV implementations and their behaviour under
effective attacks, Inverse Path has assisted issuing banks, as well as
cardholders, with successful resolution of cases involving wrongful liability
for fraudulent charges.

Our updated research effort identifies and verifies new interactions between
previous EMV attacks, which even further affect the protection, or lack
thereof, that EMV provides for the PIN.

This presentation aims to fully empower both cardholders and issuers with an
understanding of all applicable attacks, while also illustrating the relevant
EMV fraud detection markers.

Such information is vital to enable cardholders to request the correct and
relevant information necessary to claim fraudulent charges and to enable
issuers and processors to prevent fraud in the first place.

-------------------------------------------------------------------------------