PIN terminal learns to play Tetris

by Paul Jay, CBC News Online

Tamper-proof terminals are supposed to take away the risk to consumers using PIN credit and debit card processing machines.

But even if software on a system is impenetrable, some decidely low-tech means can allow theives to make a terminal work for them. Security researchers Steven Murdoch and Saar Drimer demonstrated this effectively by replacing the guts of a PIN terminal with a program that can play Tetris.

You can watch a video of it on YouTube.

The two programmers used the Tetris example to highlight potential security concerns for PIN terminals, although it wasn't much of a test of the software since they essentially replaced the hardware in the machine and kept only the shell.

Security experts have already proven they can have their way with voting machines by reconfiguring the software. The documentary Hacking Democracy explored the vulnerabilities of the Diebold machine in the U.S., while Dutch programmers hacked into an older machine and taught it how to play chess.

But while voting terminals are relatively new on the scene, PIN terminals are a trusted and ubiquitous part of the daily lives of consumers. If they can teach a PIN terminal's existing software to run Tetris, consider me scared.

Thanks to Boingboing and Engadget for the links.