http://news.bbc.co.uk/hi/english/sci/tech/newsid_1645000/1645552.stm
By BBC News Online technology correspondent Mark Ward
A serious weakness has been discovered in the methods used by banks to
protect the number that lets you get money from a cash machine. Researchers
from the University of Cambridge have found that the computer systems which
check that these numbers are valid are easy to defeat. They warn that
unscrupulous insiders could exploit these weaknesses to raid customer
accounts. The researchers have called on banks to revise their security
arrangements and use more open procedures to protect customers' cash.
... The physical construction of the cryptoprocessors is certified to a high
standard to ensure that the boxes cannot be forced to give up the keys they
use to scramble data. Any physical tampering with the box makes them
destroy the keys they use. [However,] security researchers Michael Bond and
Richard Clayton have found serious weaknesses in the software
cryptoprocessors use to handle the encryption keys as they talk to different
programs. ... using the clues provided by the leaky software, the cracking
time can be reduced to just 24 hours.
Andrew Brydon, Systems & Software Safety Analyst, Lancashire, UK [Andrew Brydon via risks-digest Volume 21, Issue 74]