NdK wrote: > IIUC that bit is not authenticated, so a MITM attack can force both the > reader and the card think the other party doesn't support PIN auth, > making the card sign the transaction anyway, regardless the amount > involved. So IMVHO it's quite serious...
http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf http://youtu.be/gv3dxjvqk7Y //Peter _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel