PCI DSS and Regulatory Compliance Blog

Chip-and-PIN terminal hacked to play Tetris

January 5th, 2007 Posted in Chip PIN

Engadget reports that security researchers Steven Murdoch and Saar Drimer hacked one of Britain’s much-vaunted “tamper-resistant” chip-and-PIN credit-card processing terminals so that it plays Tetris.

They have this YouTube video showing it:


A better quality video and description is available on their website.

One Response to “Chip-and-PIN terminal hacked to play Tetris”

By AnonyMouse on Jan 6, 2007

    Actually, it wasn’t ‘hacked’ so much as rebuilt using different hardware:

    “Steven Murdoch and myself took the chassis of a real terminal and replaced much of the internal electronics such that it allows us to control the screen,”

    This is an attack that is intrinsically difficult to prevent. Even if the device is impossible to open, it is always possible to create copy plastics. However, by opening the device (or creating a copy of it), you will render the device incapable of communicating to the banking host. Therefore, such an attack must be performed with the collusion of the merchant (who will surely notice that none of the revenue that has been processed through the terminal has gone into the store account). Any customer whose data was compromised with such a terminal would notice any significant misuse of this data - allowing for the card association to ‘triangulate’ back to the criminal merchant.
