Member since

Steven's blog archive

2012 (1) 2010 (5) 2009 (3)
Steven Murdoch

Steven Murdoch

Royal Society University Research Fellow at University College London
Message Message me Posts: 9 Comments: 35
Bio Dr Steven J. Murdoch is a Royal Society University Research Fellow in the Information Security Research Group of University College London, working on developing metrics for security and privacy. Career History Consultant on computer security, researcher, expert witness.


Information Security

Chip and Skim: cloning EMV cards with the pre-play attack

11 Sep 2012

The EMV (Chip & PIN) protocol requires ATMs and point-of-sale terminals to generate a random number. If this number (known in EMV terminology as the "unpredictable number") isn't random, Chip & PIN is left vulnerable to the "pre-play" attack, which is indistinguishable from card cloning to the bank which issued the card...


Information Security

UK Cards Association attempt to supress Cambridge research

25 Dec 2010

The UK Cards Association (previously known as APACS) has written to the University of Cambridge asking them to remove a paper, claiming that it contains information that might be of use to criminals. The thesis, from a master's project by Omar Choudary, showed how to build a device that protects cardholders from tampered Chip & PIN terminals. ...


Information Security

Reliability of Chip and PIN evidence in banking disputes

26 Feb 2010

It has now been two weeks since we published our paper “Chip and PIN is broken”. Here, we presented the no-PIN attack, which allows criminals to use a stolen Chip and PIN card, without having to know its PIN. The paper has triggered a considerable amount of discussion, on Light Blue Touchpaper, Finextra, and elsewhere. One of the topics which has...

Information Security

Chip and PIN is broken

12 Feb 2010

There was a 9-minute film on Newsnight yesterday evening (available online) showing some research by Saar Drimer, Ross Anderson, Mike Bond and me. We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN. Our technical paper “Chip and PIN is Broken” explains how. It has been causing qui...


Steven is Commenting on