2012/9/25 Peter Stuge <pe...@stuge.se>

> NdK wrote:
> > >> IIUC that bit is not authenticated, so a MITM attack can force both the
> > >> reader and the card to think the other party doesn't support PIN auth,
> > >> making the card sign the transaction anyway, regardless of the amount
> > >> involved. So IMVHO it's quite serious...
> > > http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
> > Tks. That's the (or one of) article I remembered but couldn't find...
>
> http://google.com/search?q=chip+and+pin+broken


but the broken security demonstrated so far is related to misconfiguration,
and many other banks have correct card profiles and are not affected.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
