Monday, April 17, 2006

Triple DES Upgrades May Introduce New ATM Vulnerabilities

Thanks to Bruce Schneier, who pointed out this article. Also, as Bruce points out:

Basically, at the same time they're upgrading their encryption to triple-DES, they're also moving the communications links from dedicated lines to the Internet. And while the protocol encrypts PINs, it doesn't encrypt any of the other information, such as card numbers and expiration dates.

So it's the move from dedicated lines to the Internet that's adding the insecurities.

Via Payment News.

In a press release today [13 April 2006], Redspin, an independent auditing firm based in Carpinteria, CA, suggests that the recent mandated upgrades of ATMs to support triple DES encryption of PINs have introduced new vulnerabilities into the ATM network environment - because of other changes that were typically made concurrently with the triple DES upgrades.
