{"id":1050,"date":"2010-02-15T00:38:58","date_gmt":"2010-02-15T00:38:58","guid":{"rendered":"http:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/"},"modified":"2010-02-15T00:38:58","modified_gmt":"2010-02-15T00:38:58","slug":"prelomena-ochrana-chip-and-pin","status":"publish","type":"post","link":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/","title":{"rendered":"Chip and PIN protection broken"},
"content":{"rendered":"<p>Interesting talks on the security of ubiquitous payment cards by Cambridge researcher <a href=\"http:\/\/www.cl.cam.ac.uk\/~sjm217\/\">Dr. Steve J. Murdoch<\/a> are something we have had the chance to see several times in Berlin at the CCC conference:<\/p>\n<ul>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2007\/Fahrplan\/events\/2289.en.html\">Relay attacks on card payment: vulnerabilities and defences<\/a><\/li>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2008\/Fahrplan\/events\/2953.en.html\">Security Failures in Smart Card Payment Systems<\/a><\/li>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2009\/Fahrplan\/events\/3657.en.html\">Optimised to fail<\/a><\/li>\n<\/ul>\n<p>This time, together with other colleagues from the University of Cambridge, he scored a particular success and practically demonstrated a simple <a href=\"http:\/\/en.wikipedia.org\/wiki\/Man-in-the-middle_attack\">Man-In-The-Middle<\/a> attack on the widely used &#8220;Chip and PIN&#8221; payment technology.<\/p>\n<p>A technical draft of the attack can be found <a href=\"http:\/\/www.cl.cam.ac.uk\/research\/security\/banking\/nopin\/oakland10chipbroken.pdf\">here<\/a>; Juraj Bedn\u00e1r has published <a href=\"http:\/\/www.soit.sk\/sk\/aktualne\/2010-02-14\/c58-prelomena-ochrana-chip-and-pin-kariet-na-ziskanie-penazi-nepotrebujete-pin\">a nice and concise description in Slovak<\/a> of how the whole attack works in principle.<\/p>\n<p>The attack is really simple and exploits a fundamental flaw in the protocol itself, thanks to which the attacker can carry out an arbitrary transaction without the victim learning about it.<\/p>\n<p>The attacker has a cheap MITM device (which can be built from publicly available components for about $200), and its function is relatively simple: it relays the communication between the terminal and the card itself. If it detects a PIN verification request from the terminal, it does not forward that request to the card but automatically answers it with a message that the PIN was verified successfully. Because the card itself never receives the request, it switches to &#8220;signature&#8221; verification mode, and an interesting situation arises: the terminal &#8220;believes&#8221; that the customer entered the correct PIN, while the card &#8220;believes&#8221; that PIN verification never took place and that the cardholder's signature will therefore be verified. The attacker can thus <strong>carry out the transaction without knowing the cardholder's PIN or signature.<\/strong><\/p>\n<p>By deploying &#8220;Chip and PIN&#8221; technology, the bank largely shifted responsibility for any fraud onto the customer, who alone knows the real PIN and is therefore authorised to carry out the transaction. Unfortunately, this attack demonstrates that this is no longer true.<\/p>\n<p>In the case of the MITM attack described above, the potential attackers are:<\/p>\n<ul>\n<li>fraudulent merchants<\/li>\n<li>anyone with physical access to the network infrastructure of payment terminals (which is enough to connect the MITM device)<\/li>\n<\/ul>\n<p>In both cases the attackers do not need to know the customer's PIN or signature, yet they can carry out an arbitrary transaction in the customer's name. The customer of course receives a confirmation of the &#8220;regular&#8221; transaction, which suppresses any suspicion of potential fraud.<\/p>\n<p>The Cambridge researchers showed that the payment card protocol itself has a number of serious fundamental flaws, and we are once again witnessing how the security of proprietary protocols and implementations turns out when it could not be thoroughly and publicly reviewed and commented on by the expert community before deployment.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Interesting talks on the security of ubiquitous payment cards by Cambridge researcher Dr. Steve J. Murdoch are something we have had the chance to see several times in Berlin at the CCC conference: Relay attacks on card payment: vulnerabilities and defences Security Failures in Smart Card Payment Systems Optimised to fail This time, together with other colleagues from the University of Cambridge, he scored a particular success and practically demonstrated a simple [&hellip;]<\/p>\n","protected":false},
"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[11],"tags":[198,199,200,201],"class_list":["post-1050","post","type-post","status-publish","format-standard","hentry","category-unkategorisiert","tag-anderson-de","tag-chip-and-pin-de","tag-mitm-de","tag-murdoch-de"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prelomen\u00e1 ochrana Chip and PIN - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prelomen\u00e1 ochrana Chip and PIN - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Zauj\u00edmav\u00e9 predn\u00e1\u0161ky o bezpe\u010dnosti v\u0161adepr\u00edtomn\u00fdch platobn\u00fdch kariet Cambridgsk\u00e9ho v\u00fdskumn\u00edka Dr. Steve J. 
Murdocha sme mali mo\u017enos\u0165 viackr\u00e1t vidie\u0165 v Berl\u00edne na CCC konferencii: Relay attacks on card payment: vulnerabilities and defences Security Failures in Smart Card Payment Systems Optimised to fail Tentokr\u00e1t spolu s \u010fal\u0161\u00edmi kolegami z Cambridge Univerzity \u0161peci\u00e1lne zabodoval a prakticky demon\u0161troval jednoduch\u00fd [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2010-02-15T00:38:58+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Prelomen\u00e1 ochrana Chip and PIN\",\"datePublished\":\"2010-02-15T00:38:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/\"},\"wordCount\":487,\"commentCount\":0,\"keywords\":[\"anderson\",\"chip and 
pin\",\"mitm\",\"murdoch\"],\"articleSection\":[\"Unkategorisiert\"],\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/\",\"name\":\"Prelomen\u00e1 ochrana Chip and PIN - Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"datePublished\":\"2010-02-15T00:38:58+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/prelomena-ochrana-chip-and-pin\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/home-new-2025\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Prelomen\u00e1 ochrana Chip and PIN\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your 
security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\\\/\\\/www.nethemba.com\\\/\"],\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/author\\\/nethemba-admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prelomen\u00e1 ochrana Chip and PIN - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/","og_locale":"de_DE","og_type":"article","og_title":"Prelomen\u00e1 ochrana Chip and PIN - Nethemba","og_description":"Zauj\u00edmav\u00e9 predn\u00e1\u0161ky o bezpe\u010dnosti v\u0161adepr\u00edtomn\u00fdch platobn\u00fdch kariet Cambridgsk\u00e9ho v\u00fdskumn\u00edka Dr. Steve J. 
Murdocha sme mali mo\u017enos\u0165 viackr\u00e1t vidie\u0165 v Berl\u00edne na CCC konferencii: Relay attacks on card payment: vulnerabilities and defences Security Failures in Smart Card Payment Systems Optimised to fail Tentokr\u00e1t spolu s \u010fal\u0161\u00edmi kolegami z Cambridge Univerzity \u0161peci\u00e1lne zabodoval a prakticky demon\u0161troval jednoduch\u00fd [&hellip;]","og_url":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2010-02-15T00:38:58+00:00","author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Verfasst von":"Pavol Lupt\u00e1k","Gesch\u00e4tzte Lesezeit":"2\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"Prelomen\u00e1 ochrana Chip and PIN","datePublished":"2010-02-15T00:38:58+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/"},"wordCount":487,"commentCount":0,"keywords":["anderson","chip and pin","mitm","murdoch"],"articleSection":["Unkategorisiert"],"inLanguage":"de","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/","url":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/","name":"Prelomen\u00e1 ochrana Chip and PIN - 
Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2010-02-15T00:38:58+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/de\/prelomena-ochrana-chip-and-pin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/de\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"Prelomen\u00e1 ochrana Chip and PIN"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/de\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/posts\/1050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/comments?post=1050"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/posts\/1050\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/media?parent=1050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/categories?post=1050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/tags?post=1050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}