PINATA: PIN Automatic Try Attack

Presented at DEF CON 29 (2021), Aug. 7, 2021, 1 p.m. (45 minutes)

A brute-force attack is a trial-and-error method used to obtain information such as user passwords or personal identification numbers (PINs). This attack methodology should be impossible to apply to actual secured EMV bank cards. In this talk, we will analyze how an inadequate implementation could rely on an extreme and sophisticated PIN brute-force attack against the 10,000 combinations of a 4-digit PIN that could affect millions of contact EMV cards.


Presenters:

  • Salvador Mendoza - Security Researcher, Ocelot Offensive Security Team
    Salvador Mendoza is a Metabase Q security researcher and member of the Ocelot Offensive Security Team. Salvador focuses on tokenization processes, payment systems, mag-stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods at different conferences such as Black Hat USA, DEF CON, HITB, Troopers and many others. Salvador has also designed different tools to pentest mag-stripe information and tokenization processes. He is the author of "Show me the (e-) money Hacking a sistemas de pagos digitales: NFC, RFID, MST y Chips EMV", a Spanish-language book with a collection of different attacks against payment systems. @Netxing salmg.net
