A group of researchers has found that many banking terminals use predictable transaction IDs.
Researchers at Cambridge University presented a report on vulnerabilities in banking card terminals, which allow hackers to steal user information, and create clones of existing credit cards.
The study was presented at the conference on cryptography in Leuven, Belgium. The scientists were able to establish that the implementation of bank card leaves the possibility of a kind of cloning, despite the assurances of the reliability of the existing bank systems. According to scientists, the problem of too many financial institutions today is the use of unsound methods of cryptography.
The participants of the study note that although the cash card is used in the world for over a century, it has only recently become closely studied by scientists and researchers.
Each time a user conducts a transaction with a credit card, it uses a unique number. This number is created inside the electronic cash withdrawal and should be generated randomly. Scientists became aware of the fact that in many cases the equipment used by the bank has resorted to a combination of symbols that are easy to predict.
“If you guess a unique transaction number, You can write anything you want, from instant access to the smart card, and then simulate the card at another time and in another place – said researcher Mike Bond blog University. – As well, you can clone the card. This is called the attack on the pre-emption. “
A detailed description of the research scientists at Cambridge University can be found here.