ناسا هاست ارائه دهنده سرور مجازی لینوکس و هاست پرسرعت وردپرس به همراه سی پنل و دایرکت ادمین
نمایش نتایج: از شماره 1 تا 1 , از مجموع 1

موضوع: Newest Attack on your Credit Card: ATM Shims

  1. #1
    کاربر فعال H.Mehrara آواتار ها
    تاریخ عضویت
    Jan 1970
    محل سکونت
    Tehransar
    نوشته ها
    1,117
    تشکرها / پسندها

    پیش فرض Newest Attack on your Credit Card: ATM Shims

    Shimming is the newest con designed to skim your credit card number, PIN and other info when you swipe your card through a reader like an ATM machine. The shim is the latest attack being used by criminals to steal your credit card info at the ATM or other Pin Entry Device. According to Diebold, " The criminal act of card skimming results in the loss of billions of dollars annually for financial institutions and card holders. Card skimming threatens consumer confidence not only in the ATM channel, but in the financial institutions that own compromised ATMs as well."

    Shimming works by compromising a perfectly legitimate card reader (like an ATM) by inserting a very thin flexible circuit board through the card slot that will stick to the internal contacts that read card data. The shim is inserted using a "carrier card" that holds the shim, inserts it into the card slot and locks it into place on the internal reader contacts. The carrier card is then removed. Once inserted, the shim is not visible from the outside of the machine. The shim then performs a man-in-the-middle attack between an inserted credit card and the circuit board of the ATM machine. See the image below for an example of what a skim looks like inside the ATM.

    Before it was practical/possible to create shims, thieves used various skimmer designs that attached to the outside of the card slot. Like the one shown below:
    Image is Courtesy of Naples Police Department:


    It is important to keep in mind that this attack is not trivial from an engineering standpoint. The shim needs to be extremely thin and flexible. In fact it must be less than 0.1mm in most cases to fit in the space allocated in the card reader and not obstruct credit cards from being inserted seamlessly. The [فقط اعضا می توانند لینک ها را مشاهده کنند برای ثبت نام اینجا را کلیک کنید] that regulates the dimensions of the card slot calls for the following specifications according to section 5.2.1.1 on Module Height:
    *The highest point on the IC module surface shall not be greater than 0.10mm above the plane of the card surface.
    *The lowest point on the IC module surface shall not be greater than 0.10mm below the plane of the card surface.
    To put in perspective how thin less than 0.1mm is, think about this. Your credit card is 0.76mm thick. A grain of salt is 0.5mm thick. The human hair is about 0.18mm thick. The smallest objects that the unaided human eye can see are about 0.1 mm long. Now that's thin!!!! Add to this that the shim must be semi-flexible and this attack becomes quite a technological achievement.

    Recent advances in microchip fabrication coupled with the commoditization of same means that shims this size can be cheaply and reliably manufactured by the bad guys. The actual designing of the shim and its components, especially the transmitter function, is still non-trivial. But it was inevitable that this the thieves would figure this out, as they have. It has been found that effective flexible shims are recently being mass produced and widely used in certain parts of Europe.

    One of the main reasons this attack can succeed is because in most all countries today (like the U.S.A) the data sent from the chip on a credit card to the contacts on the ATM circuit board is sent in the clear. So if you can get in the middle of that data flow, like a shim attack does, you can capture card data, pin information, CVV info, etc. However, most Pin Entry devices have supported offline-encrypted pin (encrypting the data between chip and board) for years. So it is possible that if this feature was enabled on both the credit card and the machine it could defeat this attack. The credit card chip encrypts the data using its public key before it sends it to the card reader.
    Skimming is not something new, it's been around since ATM machines. However, it is continuing to become more sophisticated and readily available. It is a constant battle between the Pin entry device manufacturers and the criminals. The shim attack is just the latest in a long history of attacks
    ویرایش توسط patris_70 : 2010/08/11 در ساعت 05:46 PM
    Solaris , BSD Unix admin.
    business Contact: 09374700196
    www.Mehrara.Net

  2. # ADS
    Circuit advertisement
    تاریخ عضویت
    Always
    محل سکونت
    Advertising world
    نوشته ها
    Many
     

اطلاعات موضوع

کاربرانی که در حال مشاهده این موضوع هستند

در حال حاضر 1 کاربر در حال مشاهده این موضوع است. (0 کاربران و 1 مهمان ها)

علاقه مندی ها (Bookmarks)

علاقه مندی ها (Bookmarks)

مجوز های ارسال و ویرایش

  • شما نمیتوانید موضوع جدیدی ارسال کنید
  • شما امکان ارسال پاسخ را ندارید
  • شما نمیتوانید فایل پیوست کنید.
  • شما نمیتوانید پست های خود را ویرایش کنید
  •