Fortunately none of my EMV credit cards appear to be vulnerable to the Infineon RSA vulnerability checks.
Replying to @AndreaBarisani
Who would spend $40 to crack open your credit card (is it even 1024?) when you get 100 validated cards for $99 on the black market?
1 reply 0 retweets 0 likes -
Replying to @rvonpost
Main concern was fraud liability, also checking took like 2 minutes and I was curious ;)
2 replies 0 retweets 0 likes -
Replying to @AndreaBarisani @rvonpost
3-DES keys used to generate ARQC are still safe, RSA is used for the offline authentication between the terminal and the card
1 reply 0 retweets 1 like -
Yes, I was curious about offline auth as we have played with it already: https://github.com/abarisani/abarisani.github.io/tree/master/research/emv …
1 reply 0 retweets 1 like -
Replying to @AndreaBarisani @rvonpost
Oh, CVM downgrade, was fun being on the vendor side. The issuers who misconfigured their DDOLs for sure knew they had it coming, no surprise
1 reply 0 retweets 1 like -
Actually in the end it is a problem regardless of issuer configuration given that the EMV POSes honor spoofed DDOLs allowing transaction.
2 replies 0 retweets 0 likes
So it is fundamentally an EMV protocol flaw which can only be prevented by breaking the standard to a certain extent.