Cambridge researchers have documented a worrying PIN cracking technique against the hardware security modules commonly used by bank ATMs. Mike Bond and Piotr Zielinski have published a paper detailing how a complex mathematical attack can yield a PIN in an average of 15 guesses. By design, it shouldn’t be possible to guess a four-digit pin in less than an average of 5,000 attempts. The attack, documented in a paper published earlier this week, is directed against the decimalisation tables used to translate between a card PIN and the hexadecimal value of a PIN generated when the hardware security module checks the validity of a number. The attack works not by going after the PIN number directly but by manipulating the contents of the decimalisation table in order to gain clues (such as which digits are or are not present in the PIN). Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.