Security specialist Karsten Nohl, founder of Security Research Labs, made a statement about the vulnerability of the data transfer protocol used by pos payment terminals to transfer bank card data. Employees of Security Research Labs in front of a surprised RT correspondent hacked the PIN code of his card and made a clone of it. At the same time, the correspondent used a chip card.
According to Nol, the problem lies not in the incorrect operation of devices, but in the vulnerabilities of the protocol itself. In this regard, it is necessary to change the entire system – which is expensive and unprofitable, at least until hacking has become widespread.
Nol and his team tried to draw the attention of banks to this problem. But they, although they recognize it, are not going to take any measures. "Companies responsible for the absence of such vulnerabilities, including the same banks, recognize its presence, but do not respond in any way yet. "They say,' There haven't been any break-ins yet, ' but it's only a matter of time."
Unfortunately, the RT report lacks technical details of the hack. Apparently, the vulnerability concerns wireless terminals that communicate with a common database via WiFi.
Nol has already become famous for exposing a large vulnerability, when in the summer of 2013 he reported on the discovery of a vulnerability in SIM cards with the DES (Data Encryption Standard) encryption standard. This is an outdated standard, which, however, is used by a large number of manufacturers, and hundreds of millions of SIM cards support DES.
