Many discussions over the security of Chip & PIN have focused on the tamper-resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud). It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.
Steven Murdoch and myself took the chassis of a real terminal and replaced much of the internal electronics such that it allows us to control the screen, keypad and card-reader. Steven suggested that in order to show that it is completely under our control, we should make it play Tetris (similarly to the guys who made a voting machine play chess). We recorded a short video showing our Tetris playing terminal in action. Have a merry Christmas and happy New Year
Update (2007-01-03): The video is now on YouTube.
Update (2007-01-05): The Association for Payment Clearing Services
(APACS) has responded:
APACS, the payments organisation representing high street banks, said the Cambridge breakthrough could be a threat.
‘People could, in theory, use this to steal account details from cards,’ said Sandra Quinn of APACS. ‘Our experts are in discussion with the manufacturers of terminals to see what can be done. Essentially what these people have done is replace the innards of a chip and Pin machine.
‘However, we would say that this has only been seen in a laboratory so far. People would not be able to create counterfeit chip and Pin cards, but they could use this information abroad to make purchases.’