In February, Steven Murdoch, Ross Anderson and I reported our findings on system-level failures of widely deployed PIN Entry Devices (PED) and the Chip and PIN scheme as a whole. Steven is in Oakland presenting the work described in our paper at the IEEE Symposium on Security and Privacy (slides).
We are very pleased that we are the recipients of the new “Most Practical Paper” award of the conference, given to “the paper most likely to immediately improve the security of current environments and systems”. Thanks to everyone who supported this work!
7 thoughts on “PED vulnerability paper receives "Most Practical Paper" award at Oakland”
Congratulations again guys on this, and a nice conclusion to all your work in the PED area! You really pulled the wool over the IEEE judges eyes, with a “most practical paper” award for attacks that really only work under laboratory conditions 😉
The question unanswered… what to investigate next?
Good job and all, but it seems a bit ludicrous for an academic conference to be giving out a “Most Practical Paper” award. What does it signify? That you’re the most practical of the impractical? I guess that’s something…..
Well deserved 😉
But who gets the award for greatest deployment?
And see here for the police viewpoint…
The shim attack that we predicted in this paper has now been reported in the wild, two years later.