Powered by Blogger.
RSS
Custom Search
King-Shan

IP

How to hack a Bank card’s PIN easily


As Germany’s famous technology website heise online conveys today, two security experts named Omer Berkmann and Odelia Moshe Ostrovsky of the “School of Computer Science” in Tel Aviv have published a couple of attack scenarios against Bank Card PINs (ATM PINs) which require only only two guesses for a successful hack of the PIN of a certain account.
Abstract. We describe new attacks on the financial PIN processingAPI. The attacks apply to switches as well as to verification facilities.The attacks are extremely severe allowing an attacker to expose customerPINs by executing only one or two API calls per exposed PIN. One ofthe attacks uses only the translate function which is a required functionin every switch. The other attacks abuse functions that are used to allowcustomers to select their PINs online. Some of the attacks can be appliedon a switch even though the attacked functions require issuer’s keyswhich do not exist on a switch. This is particularly disturbing as it waswidely believed that functions requiring issuer’s keys cannot do any harm
if the respective keys are unavailable.
The problem with these attacks is the fact that this just requires access to (or an insider inside of) one of the forwarding switches between the bank terminal used and the data center of the issuing bank. As Bruce Schneier names it in his blog, this renders the complete PIN authentication process as weak/insecure as the least trusted element in this chain. He continues
Instead of just having to trust your own issuer bank that they have good security against insider fraud, you have to trust every other financial institution on the network as well. An insider at another bank can crack your ATM PIN if you withdraw money from any of the other bank’s ATMs.
The reason for this security hole in the process can be found in the distance between bank terminal and bank data center, especially if you access your bank account from out of a foreign country. This involves so-called Switches, other data centers, which decrypt and re-encrypt the submitted data packets with the help of so-called Hardware Security Modules. If an employee of these Switches is corrupt and has access to these HSMs he can easily hack the PIN, just by using some API methods of the Financial PIN Processing API.
The problem is severe in that way that you as a customer have been able to recognize a manipulated terminal easily, but these attacks do not require any hardware modifications to a bank terminal, so you can no longer recognize whether there is some bad guy waiting for a Man in the Middle attack to duplicate your bank card including your PIN. For this reason Berkmann and Ostrovsky didn’t want to disclose their findings, but due to a lack of response of the international banks they contacted they did not see any chance other than disclosing these severe security issues.
King-Shan



  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

4 comments:

Unknown said...

I want to shear a life changing story with everyone who cares to read this testimony. Blank atm cards are real and are effective all over the world. my name is Gorge Judy i live in SPAIN . I got this card from [skylink technology] a month ago. this card has really help me pay my debts and now i am free from all financial problems. I no this is hard to believe , but i never knew there was this kind of card until i got one. This card withdraw more than €6000 daily and it is very easy to use. But you have to be very careful in other not to be caught by the police because it is illegal. If you want more information on this card and how to get one just contact the hackers by this address
skylinktechnes@yahoo.com or whatsapp +1(213)328–0248

felisha green said...

This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change

Email: cybergoldenhacker at gmail dot com

Laurie Kayleen said...

My partner was cheating and I needed some proofs, so I decided to contact a private investigator that

introduced me to a professional online ghost hacker who took care of the hacking jobs.
He hacked my partner's Cell Phones, Facebook, Instagram, WhatsApp, Twitter and all his Email

accounts. He is a professional indeed, he saved my live because I got all I wanted as a proof.
I was so glad and indeed very happy that I have proven truth and also enough proofs he was cheating.
Contact him for any hacking jobs. Tell him I (Laurie Kayleen) referred you to him, he will surely

meet up with your hacking needs.
Contact him on: cloudanonymoushacking247@gmail.com

BENITO FAUSTO said...

INSTEAD OF GETTING A LOAN, CHECK OUT THE BLANK ATM CARD IN LESS THAN 24hours {oscarwhitehackersworld@gmail.com}


I want to testify about OSCAR WHITE blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no hope then I saw so many testimony about how OSCAR WHITE send them the blank ATM card and i use it to collect money in any ATM machine and become rich. I also email him and he sent me the blank card. I have use it to get $100,000 dollars. withdraw the maximum of $5,000 daily.OSCAR WHITE is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email Him on how to get it now via: oscarwhitehackersworld@gmail.com or whats-app +1(323)-362-2310

Post a Comment