<\/p>\n
\nForget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards.\n<\/p>\n
\nIt took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes.\n<\/p>\n
\nWe have been told that EMV (<\/p>\n
Europay, MasterCard and Visa<\/i><\/p>\n
) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards.\n<\/p>\n
\nBut, it turns out to be just a myth.\n<\/p>\n
\nA team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions.\n<\/p>\n
\nThe demonstration was part of their presentation titled, <\/p>\n
“Hacking Next-Gen ATMs: From Capture to Washout,” <\/i><\/p>\n
[<\/p>\n
PDF<\/a><\/p>\n ]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash.<\/p>\n \nThe hack requires two processes to be performed.\n<\/p>\n \nFirst, the criminals need to add a small device known as a <\/p>\n Shimmer <\/b><\/p>\n to a point-of-sale (POS) machine (here, ATM’s card reader) in order to pull off a man-in-the-middle (MITM) attack against an ATM.\n<\/p>\n \nThe shimmer sits between the victim’s chip and the card reader in the ATM and can record the data on the chip, including PIN, as the ATM reads it. It then transmits this data to the criminals.\n<\/p>\n \nThe criminals then use a smartphone to download this stolen data and recreate the victim’s card in an ATM, instructing it to eject cash constantly.\n<\/p>\n \nTod Beardsley, a security research manager for Rapid7, <\/p>\n\nHere’s How the Hack Work<\/h3>\n