ATM Chip And Pin Hack Revealed At Black Hat Conference

While chip and pin is widely used in Europe, the US has only just started to use the technology.

Concerns across the pond are that this makes them a new target for hackers, according to researchers at the Black Hat conference in Las Vegas.

They demonstrated how hackers were able to use mostly unmodified ATM machines to dispense hundreds of dollars -similar to how hackers would possibly use the machines.

Tom Beardsley, security manager for Rapid7, who oversaw the hack, said:

“In the US we have finally caught up to the rest of the world who are using chip and pin”

“The state of chip and pin security is that it’s a little oversold.”

About the hack

The story is quite a concerning one as the “hack” was able to get ATMs to spit money out!

Rapid7 disclosed the vulnerabilities of the hack at the conference to major banks and ATM makers. Specifics were not shared in order to prevent the same technique being used, and whilst this story stems from the move in the U.S. to use chip and pin, we should all be concerned – especially since we use it so much over here in the UK.

The hack is a two stage process…

The criminals first modify the point-of-sale machines by adding a device which sits between the victims chip and the receptor in the machine where the card is inserted. This device is known as a shimmer.

The shimmer then reads the chip when the card is inserted. It also reads the pin that is entered and all of this information is sent to the criminals.

For the second part of the hack, criminals then download the information from the stolen card to a Smartphone which can basically recreate the card in any ATM.

The chip and pin is meant to add more security compared to people swiping the magnetic strip, which allowed criminals to copy the information on the cards and have unlimited access to the card information.

The chip and pin only provides a small window of opportunity making it harder for the criminals.

The ATM can be instructed to withdraw cash constantly, and at any point. This mean that criminals could have a vast collection of modified points of sale system that allows them to have a constant stream of cash.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.