In under 15 minutes, a chip and pin card was hacked and used in an ATM to withdraw $50,000. Don’t panic yet. This was done by researchers to test the security of the chip and pin. Fact is they are as easy as magnetic stripe cards to clone.
The hack was demonstrated at the Black Hat USA conference in Las Vegas.
This is how the article describes it. Two processes need to be performed. “First, the criminals need to add a small device known as a Shimmer to a point-of-sale (POS) machine (here, ATM’s card reader) in order to pull off a man-in-the-middle (MITM) attack against an ATM.
The shimmer sits between the victim’s chip and the card reader in the ATM and can record the data on the chip, including PIN, as the ATM reads it. It then transmits this data to the criminals. The criminals then use a smartphone to download this stolen data and recreate the victim’s card in an ATM, instructing it to eject cash constantly.”
Researchers have disclosed full details about the issue in Chip-and-PIN ATMs to banks and major ATM manufacturers and said they hope the institutions (currently unnamed) are examining the issue.