ATM Chip and Pin hack revealed at Black Hat conference

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

ATM Chip and Pin hack revealed at Black Hat conference

While chip and pin is widely used in Europe, the US has only just started to use the technology.

Concerns across the pond are that this makes them a new target for hackers, according to researchers at the Black Hat conference in Las Vegas.

They demonstrated how hackers were able to use mostly unmodified ATM machines to dispense hundreds of dollars -similar to how hackers would possibly use the machines.

Tom Beardsley, security manager for Rapid7, who oversaw the hack, said:

“In the US we have finally caught up to the rest of the world who are using chip and pin”
“The state of chip and pin security is that it’s a little oversold.”


About the hack

The story is quite a concerning one as the “hack” was able to get ATMs to spit money out!

Rapid7 disclosed the vulnerabilities of the hack at the conference to major banks and ATM makers. Specifics were not shared in order to prevent the same technique being used, and whilst this story stems from the move in the U.S. to use chip and pin, we should all be concerned – especially since we use it so much over here in the UK.

The hack is a two stage process…

The criminals first modify the point-of-sale machines by adding a device which sits between the victims chip and the receptor in the machine where the card is inserted. This device is known as a shimmer.

The shimmer then reads the chip when the card is inserted. It also reads the pin that is entered and all of this information is sent to the criminals.

For the second part of the hack, criminals then download the information from the stolen card to a Smartphone which can basically recreate the card in any ATM.

The chip and pin is meant to add more security compared to people swiping the magnetic strip, which allowed criminals to copy the information on the cards and have unlimited access to the card information.

The chip and pin only provides a small window of opportunity making it harder for the criminals.

The ATM can be instructed to withdraw cash constantly, and at any point. This mean that criminals could have a vast collection of modified points of sale system that allows them to have a constant stream of cash.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon