Re: Poor implementation
What? There's nothing available from the chip that should allow someone to set up new accounts...
Agreed ... but (despite what the article says) I don't think that's what's happening.
The full details haven't been released, but it appears that the attack involves recording the details of a legitimate transaction and later replaying that transaction (and hundreds of others from other cards) on another ATM.
This is possible because there is no attempt in current chip-and-PIN systems to authenticate the card to the terminal (or the terminal to the card, for that matter). Such checks could be implemented using a challenge-and-response technique*, but such a technique would require every terminal to have access to a key stored on the card, and the secure management and storage of these keys would be a heavy administrative burden.
[* The terminal would generate a random number and ask the card to encrypt or sign this number with an on-card key. The card would reply with the encrypted/signed data, and the terminal would verify the result using its copy of the key.
Such a transaction could not simply be replayed as the random challenge would be different every time, so the attack described here would be defeated.
The key would be stored on the card in a "file" that can be used as a key but cannot be read or copied. EMV cards already have the capabilities needed to perform these calculations (though they may not be issued with suitable keys installed).
The terminal would have to have a copy of the key used on each card (which could be a cryptogram of the card number, so only one key-deriving key would be needed for each card issuing body), but the terminal would need to have its own securely stored copy of the key used by every card issuer or would have to be online to the card issuing bodies in order to obtain a card's key in real time. If a card issuer's key-deriving key were ever to be compromised then it would be possible to spoof any card protected by that key, so making key storage in an ATM sufficiently secure would be extremely difficult.]
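The challenge-and-response check described in the comment above, as an added sketch that is not part of the original post and is not EMV's actual scheme. It assumes HMAC-SHA256 as a stand-in for both the card-key derivation and the card's signing operation; the class and function names, the key and the card number are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def derive_card_key(issuer_key: bytes, card_number: str) -> bytes:
    # Per-card key = cryptogram of the card number under the issuer's
    # key-deriving key (HMAC-SHA256 is an assumed stand-in).
    return hmac.new(issuer_key, card_number.encode(), hashlib.sha256).digest()


class Card:
    def __init__(self, card_number: str, card_key: bytes):
        self.card_number = card_number
        self._key = card_key  # usable on-card, never exported

    def respond(self, challenge: bytes) -> bytes:
        # Sign the terminal's random challenge with the on-card key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Terminal:
    def __init__(self, issuer_key: bytes):
        self._issuer_key = issuer_key  # the secret that must be protected

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh for every transaction

    def verify(self, card_number: str, challenge: bytes, response: bytes) -> bool:
        key = derive_card_key(self._issuer_key, card_number)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    issuer_key = secrets.token_bytes(32)  # constructed sample key
    pan = "0000000000000000"              # constructed card number
    card = Card(pan, derive_card_key(issuer_key, pan))
    terminal = Terminal(issuer_key)

    c1 = terminal.new_challenge()
    recorded = card.respond(c1)           # what an eavesdropper could capture
    genuine = terminal.verify(pan, c1, recorded)

    c2 = terminal.new_challenge()         # later transaction, new challenge
    replayed = terminal.verify(pan, c2, recorded)

    # A terminal without the right issuer key cannot check the card at all.
    other = Terminal(secrets.token_bytes(32)).verify(pan, c1, recorded)
    return genuine, replayed, other


if __name__ == "__main__":
    print(demo())
```

The `Terminal` object holding `issuer_key` is the administrative burden the comment points at: anyone who extracts that one value can compute a valid response for every card derived from it.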