An article relating to this blog post on Finextra:
Cambridge boffins crack banks' CAP protocol
Steven Murdoch, researcher in the Security Group at the Computer Laboratory of the University of Cambridge, talks with Finextra about the vulnerabilities of the CAP Protocol.
Today, Finextra published a video interview with me, discussing my research on banks using card readers for online banking, which was recently featured on TV.
In this interview, I discuss some of the more technical aspects of the attacks on card readers, including the one demonstrated on TV (which requires compromising a Chip & PIN terminal), as well as others which instead require that the victim’s PC be compromised, but which can be carried out on a larger scale.
I also compare the approaches taken by the banking community to protocol design with those of the Internet community. Financial organizations typically develop protocols internally, and so are subject to public scrutiny late in deployment, if at all. This is in contrast with Internet protocols, which are commonly first discussed within industry and academia, then the specification is made public, and only then is it implemented. As a consequence, vulnerabilities in banking security systems are often more expensive to fix...
Read more at Light Blue Touchpaper...