Chip and Pin defeated by Paper clip trick

After news from Princeton University that encryption could be broken thanks to a glacial blast of liquid nitrogen, another group of researchers, this time from the University of Cambridge, found out how to circumvent Chip and Pin protection.

Chip and Pin, which was flogged as the next big thing in consumer security since cards were introduced, could well be slightly more insecure than first believed.

Saar Drimer, Steven Murdoch and Ross Anderson, from the Cambridge University Computer Laboratory said that two PIN Entry devices or PED used extensively in the industry do not fare well when protecting card details.

The Ingenico i3300 and Dione Xtreme are both vulnerable to a 'tapping attack', according to a widely available technical paper (PDF download here), using a few bits and bobs which cost no more than £10.

The operation is as simple as it is ingenious; a minuscule piece of electronics is inserted into the PED device and records all transactions including PIN and account details as they are transmitted between the genuine account holder and the machine.

This whole new Chip and Pin saga reminds us of the story of a French lad called Serge Humpich, who back in 2000, cracked open the French chip card system but ended up in jail rather than being celebrated.

Details of how the PED were hacked were shown yesterday on BBC 2's Newsnight and Ingenico, which is behind one of the PEDs says that the hacking requires specialist knowledge; something we're sure criminals do not lack.