<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>smart cards &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/smart-cards/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Wed, 25 May 2022 16:56:54 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Malware-Infested Smart Card Reader</title>
		<link>https://noise.getoto.net/2022/05/26/malware-infested-smart-card-reader/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 26 May 2022 11:55:29 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[smart cards]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65461</guid>

					<description><![CDATA[Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.
But by all accounts, the potential attack surface here is enormous, as many federal e...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Interesting Attack on the EMV Smartcard Payment Standard</title>
		<link>https://noise.getoto.net/2020/09/14/interesting-attack-on-the-emv-smartcard-payment-standard/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 14 Sep 2020 11:21:36 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[credit cards]]></category>
		<category><![CDATA[fraud]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[pins]]></category>
		<category><![CDATA[point of sale]]></category>
		<category><![CDATA[smart cards]]></category>
		<category><![CDATA[smartphones]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60190</guid>

					<description><![CDATA[<p>It&#8217;s <a href="https://arxiv.org/pdf/2006.08249.pdf">complicated</a>, but it&#8217;s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.</p>
<p>From a <a href="https://techxplore.com/news/2020-09-outsmarting-pin-code.html">news article</a>:</p>
<blockquote><p>The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 28/70 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 10:13:15 by W3 Total Cache
-->