Richard Allan (whose blog, coincidentally, was one of the reasons I first thought about joining the LibDems) posts about Cambridge University’s Computer Lab Security Group and their blog, Light Blue Touchpaper.
This is an excellent blog, not least because by nature security researchers tend to be liberals of varying degrees (probably due to a healthy disrespect for authority and to seeing how much people mess things up).
Recently they showed how some people managed to play Tetris on a Chip ‘n’ Pin terminal.
Unusually, this has actually been recognised as a problem by the banking industry, something which they are loath to do, especially with their beloved Chip ‘n’ Pin. The threat is real, though. Despite the fact that the terminals are tamper resistant, this could be used to harvest PINs. The tamper resistance only means that the terminals stop working if you tamper with them; if you can simply replace the functions with something which mimics a functioning terminal, except for actually processing the transaction (you could convince the till that it’s worked if necessary), then you can harvest PINs with impunity.
Even if the cases were tamper evident, who knows what to look for? I don’t. I expect most customers or staff do.
Of course, what happens when we get clones of the machines which just drop in place? I sense a whole world of problems…

