Chip & PIN terminal can't play Doom, but Tetris runs just fine

by Paul Miller, posted Jan 4th 2007 at 8:59PM

So the processor might not be up to snuff for Doom, Linux, a NES emulator, or whatever other hacker software flavor of the month there might be, but a couple of University of Cambridge security nuts pulled apart a credit card reading "Chip & PIN" terminal and managed to get Tetris up and running on its teensy screen, which sounds good by us. The hack, while being a handy way to pass the time while manning a boring cash register, is actual a proof of concept for what could potentially be much more malicious hacks: if you can fool users into swiping their cards and entering in their PIN numbers into a modded terminal, there's all sorts of opportunity for theft. But we suppose as long as these guys are just in it for the classic gaming action -- and to expose potential security flaws in UK payment systems, of course -- there's not much harm in this hack. Make sure you check out the video after the break.

Filed under: Gaming

Subscribe to these comments

Reader Comments (Page 1 of 1)

Low Ranked

Alexander @ Jan 4th 2007 9:46PM

If you would bother to actually read the article, you would see that they remove most of the inner guts to make it LOOK like it was still a properly connected keypad--when infact it wasen't. The screen and the keypad are still from the terminal, but the rest is custom hardware to make it run a Tetris-clone.

Also, the quote from the keypad is from Wargames.

Please Engadget, research before you post stuff! I don't want to see you turning into Fox News with inaccurate/misleading news items.

Highly Ranked

alex @ Jan 4th 2007 9:55PM

The phrase "pulled apart a credit card reading "Chip & PIN" terminal and managed to get Tetris up and running on its teensy screen" sort of gave it away for me. Why do people always over-criticise engadget articles? Go start your own tech news site!

Neutral

Alexander @ Jan 5th 2007 9:55AM

I was referring to the TITLE of the article, not the quote you mentioned. Everybody else who reported this (the day before, I might add) had it correct.

Neutral

martyr @ Jan 5th 2007 12:32AM

This is truly a valid point...maybe why David Birch blogs this (http://digitaldebateblogs.typepad.com/digital_money/2007/01/assembling_the_.html): "if you have something with a keypad (ie, a phone) then why do you need to use anyone else's keypad? In fact, Crédit Mutuel in France have begun a trial to explore just such an architecture. The 200 bank customers in the trial use the phones NFC interface to effect a payment by waving their phone over the POS then view the amount on the handset display and enter their PIN on the mobile keypad."

Neutral

Jan @ Jan 5th 2007 8:04AM

Actually last autumn reports showed up that ec-card-Terminals have been rigged in southern Europe to collect the pin numbers while operating normally. Afterwards the collectors had the ec number and the pin which is all they need to withdraw money from the account.

Neutral

allens555 @ Jan 9th 2007 1:28PM

that guy sucks at tetris...

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.