Slashdot Mirror


Possible Serious Security Flaw In ATMs

sfjoe writes "According to a story at MSNBC.com, researchers at Algorithmic Research (ARX) have shown it may be possible for 'someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes, called hardware security modules'. Using these methods, an attacker could trick the security modules into exposing a PIN. It has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. If PINs can be compromised, the almost 8 billion transactions per year they handle may be in danger. Not to mention all the transactions at retail stores."


  1. Poink-Poink-Poink-Poink by Stanistani · · Score: 4, Funny

    *Looks left and right*

    Stop reading my tones!

    1. Re:Poink-Poink-Poink-Poink by TubeSteak · · Score: 2, Interesting

      The thing is, anyone can purchase & set up an ATM.

      There's almost no State/Federal regulation (that I'm aware of).

      --
      [Fuck Beta]
      o0t!
    2. Re:Poink-Poink-Poink-Poink by statusbar · · Score: 4, Interesting

      And that is why organized crime has their own ATM division:

      http://www.beyondrobson.com/tech/2006/10/avoid_bank_fraud_i_didnt/

      Therefore, not only is the ATM network insecure, it always has been for other reasons.

      --jeffk++

      --
      ipv6 is my vpn
  2. The reality of this is... by __aaclcg7560 · · Score: 4, Funny

    Getting a bigger mattress to store my cash in.

    1. Re:The reality of this is... by mordors9 · · Score: 4, Insightful

      I know I am probably the exception amongst most of you. We don't have an ATM card, we go down to the corner bank to get money out the old fashioned way. Everyone at the branch knows the wife and I and no one else could get money out without generating a lot of questions. There's a lot to be said for the good old days.

    2. Re:The reality of this is... by Chosen+Reject · · Score: 4, Insightful

      I used to be a teller in a bank a few years ago. It is a very transitory position. I was there for nearly two years and there were few who had been there longer than I and many who had come and gone. Give it some time and people at the bank won't know who you are.

      Having said that, I hope that even if they do know who you are, that they ask to see ID every time, like my teller colleagues and I did. A lot of people have this silly notion that the only time we ask for ID is if the person in front of us is not the person on the account. For some reason they didn't understand that we had no way of knowing that until we had seen ID. When we asked we actually had idiots say "Why? I'm the owner of the account," as if we would turn red in the face and say "Of course you are. How silly of me to ask. Certainly a criminal would have provided us with ID without being asked."

      But if tellers ever get to the point that store clerks do (and I suspect many have) then any old schmoe will be able to take money out of your account. I can't tell you how many times I've had cashiers ring up a sale without ever even looking at either my ID or my signature on the back of the credit card. I've had times where I offered and was refused, as if they didn't want to have anything to do with security checks of any variety as that might bring upon them responsibility or something. I'm not talking about small purchases here either.

      So my point is, if bank tellers get to the point of laziness as most cashiers, your money isn't safe in the bank whether or not you have an ATM card. The best you can do is keep an eye on it and report anything as soon as it happens.

      --
      Stop Global Warming!
      Just say no to irreversible processes!
    3. Re:The reality of this is... by Sillygates · · Score: 4, Insightful

      The ATM machines should directly encrypt the card info with the issuing bank's public key (or at least with the single operator's public key, and then only get re-encrypted once, by that trusted machine)... that way the men in the middle/other banks along the way do not have the ability to see the transaction info

      --
      I fear the Y2038 bug
    4. Re:The reality of this is... by Takumi2501 · · Score: 2, Insightful

      Exactly my thinking.

      When I read the article, I couldn't believe that anyone would even consider building a "secure" system where third-party machines have to decrypt and re-encrypt such sensitive data... or any encrypted data for that matter... that's why it's encrypted in the first place.

      What did they hope to accomplish by doing this?

      --
      Sent from my computer.
      Now GET OFF MY LAWN!
    5. Re:The reality of this is... by phorm · · Score: 2

      Heck, I'd *love* to have the banks ask for ID a little more often. My experience was that in hitting a branch of the bank that I didn't patronize often (and staff I didn't recognise), I was able to just present my debit code and pull amounts under $200 without giving ID... and without needing to enter a PIN (the card was just to save the trouble of writing out my account # details).

      A little bit worrying if somebody could swipe my card and pull out cash right in front of the teller.

    6. Re:The reality of this is... by ZzzzSleep · · Score: 2, Interesting
      Quoth Chosen Reject:
      "But if tellers ever get to the point that store clerks do (and I suspect many have) then any old schmoe will be able to take money out of your account. I can't tell you how many times I've had cashiers ring up a sale without ever even looking at either my ID or my signature on the back of the credit card. I've had times where I offered and was refused, as if they didn't want to have anything to do with security checks of any variety as that might bring upon them responsibility or something. I'm not talking about small purchases here either."
      Have a look at Zug's credit card prank http://www.zug.com/pranks/credit/ and be afraid for the security of your funds...
    7. Re:The reality of this is... by __aaclcg7560 · · Score: 2, Funny

      It's against the law for you or any who may represent you (legally or not) to pay your way out of debt. I'll probably get a letter in a few weeks noting "suspicious activity" on my account since I paid it off today. Go figure.

    8. Re:The reality of this is... by Majik+Sheff · · Score: 2, Interesting

      It's mostly historical. The ATM network was put in place when DES was considered an effective encryption algorithm. DES was nice because it could be easily implemented with a handful of logic gates and it was a public algorithm. It was also reasonably secure, when people couldn't buy a few gigaflops at CompUSA. Now the ATM network is just finishing up an end-to-end upgrade to 3-DES and I doubt the world's banks will be in a hurry to obsolete their networks again any time soon. Public key encryption is the right choice, unfortunately it's not the choice that our banking overlords have made.

      --
      Women are like electronics: you don't know how damaged they are until you try to turn them on.
  3. Intercepting Transmission by DigitalRaptor · · Score: 4, Interesting

    I saw a news report the other day of a guy that hooked a device (it may have been an iPod) to the back of an ATM where the phone line comes out, and intercepted the signal transmitting the information.

    He was able to get credit card numbers, pins, and all of the other information transmitted, and stole a lot of money before being caught. And he wasn't caught by bank security or software, he was caught because a clerk was paying attention, IIRC.

    --
    Lose Weight and Feel Great with Isagenix
    1. Re:Intercepting Transmission by DigitalRaptor · · Score: 4, Informative

      Here is the story.

      --
      Lose Weight and Feel Great with Isagenix
    2. Re:Intercepting Transmission by DigitalRaptor · · Score: 2, Interesting

      This one.

      Also covered here.

      And here.

      If there was crypto used, it absolutely sucked.

      If all you need is a modem line tap or an illegal program to crack ATM's, there isn't much security is there?

      I don't think there is crypto. I think the information is sent across the phone lines as plain text. The purpose of the modem line tap or illegal program is to convert the signal going over the line (the same signal you hear when you pick up the phone during a fax or internet connection) to text. From there, no mention is made of encryption.

      See this page. "The Modem Line Tap, MLT2400A is a modem protocol analyzer that translates telephone data communications into standard ASCII characters for display on a PC screen."

      If the data was properly encrypted before it was sent, the hackers wouldn't have been able to use the data. If there was crypto, it was token crypto at best. Just enough to tell their shareholders it was encrypted.

      --
      Lose Weight and Feel Great with Isagenix
  4. Let's just get this clear right now... by Anonymous Coward · · Score: 5, Funny

    First one to refer to "ATM Machines" or "PIN numbers" gets slapped.

    1. Re:Let's just get this clear right now... by aaza · · Score: 2, Funny
      So I can't talk about the numeric identifier of a leg of an IC, or the machine that does asynchronous transfer mode?

      :-)

      --
      In theory there is no difference between theory and practice.
      In practice, however, there is.
  5. What's the big deal? by goldseries · · Score: 2, Insightful

    I am surprised this has not surfaced before. Every piece of technology can be hacked if given enough time and access. The only way to remain secure is to stay ahead of the hackers. FTFA: The attack theory is significant because it has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. I am really quite surprised that it was considered "impossible" to hack for so long.

    --
    Great webhosting, cheap rates! Enter code SlashdotDiscount
    1. Re:What's the big deal? by FunkeyMonk · · Score: 2, Insightful

      It seems perfectly reasonable to me. Most ATMs in America are manufactured by Diebold. Diebold has proven time and again that they consider all their products to be unhackable.

  6. Holding All the Cards by Doc+Ruby · · Score: 5, Interesting

    Every bank I know of with back-end offices here in NYC requires everyone passing through their building doors to use onetime password cards (usually RSA keycards) for access. Yet those banks all make us run around broadcasting our PINs to whichever fly-by-night ATM dispenses $100 latenight when we're drunk.

    The cost of chipcards that generate onetime passwords, to protect from replay attacks, is minimal. Especially compared with fraud and theft. What's taking them so long?

    --
    make install -not war

  7. Re:Transmission of PINs? by harves · · Score: 2, Funny

    Well, the bank needs *some* way to authenticate you. The bank cannot trust any device on the ATM network to say: "Hello, this is stonertom. Really really really."

  8. Easier to manually do it by Evets · · Score: 3, Insightful

    It would be easier to simply use a video camera over the shoulder of an ATM visitor, and just as effective.

    Using the information directly at an ATM to get a couple of hundred dollars would be too much effort, too high risk, and too little return. More likely, the PIN would be used to obtain larger sums of cash via other methods - calling in a bank transfer or something to that effect.

    While on the surface it seems unlikely that somebody would go through the hassle, if one gained access to the ATM network, and had means to unencrypt the traffic at least in part, there is a great deal more potential for crime than simply obtaining an ATM PIN number.

    Banks shouldn't be reliant on security at the switches either - all it takes is one bad employee to reduce the effectiveness of on site security to nothing, and I imagine with the pay rates they are kicking out, there are more than a few employees vulnerable to trouble of one sort or another.

  9. New Title to Earn? by failedlogic · · Score: 3, Funny

    So if someone cracks the system do they become "The Lord of the PINS?"

    Sorry, obvious pun joke. Had to make it. Any others?

    1. Re:New Title to Earn? by __aaclcg7560 · · Score: 3, Insightful

      No, I think that person becomes a "PIN cushion". :P

    2. Re:New Title to Earn? by adamofgreyskull · · Score: 2, Funny

      I knew a guy, went around resetting pins all over town, name 'o Brunswick, hella a guy.

  10. So just use it as a credit card? by letsgolightning · · Score: 4, Interesting

    I realize this topic is mostly meant for using a card at an atm to take out cash and the like, but whenever I use my debit card to actually buy something, I make sure to use it as credit, even though most stores' touch-and-swipe pads love to default to a keypad to enter a pin. I just hit 'cancel' then 'credit' and sign the screen. No pin gets transferred, so I don't have to worry about anyone stealing it. Usually, they ask for an id because my signature is so awful (added security for me). I get points for my purchases, which I may be able to redeem within the next decade. And best of all, if anyone does decide to defraud me this way, Visa and my bank will give me the stolen funds back (my bank covers the $50 or so 'deductible' that Visa normally wants). To quote Michael Scott, it's a win-win-win. I'm safer, my money's safer, and Sam Walton gets less profits because he now has to pay Visa processing fees.

    --
    2^4 * 3 * 20929
    1. Re:So just use it as a credit card? by Intron · · Score: 2, Insightful

      If you pay your balance off every month, you are also getting an interest-free loan for up to about 45 days.

      --
      Intron: the portion of DNA which expresses nothing useful.
  11. What a coincidence! by Mark_in_Brazil · · Score: 2, Interesting

    I'm sure it's just a coincidence that Algorithmic Research (ARX) is a vendor of security solutions, including HSMs, and that ARX has been losing market share in that space for years and has a tiny market share (nCipher dominates the HSM market worldwide, Safenet, through acquisitions, has the next-largest market share, and then you start getting to competitors with very small market shares). I'm sure the researchers at ARX had no idea that almost all banks in the world use HSMs made by competitors of ARX and just wrote this paper to expose a very real security flaw, one that something tells me ARX HSMs don't allow...
    FWIW, ARX was actually something of a leader and had some cool ideas... several years ago. I'm not sure whether it was because of financial trouble, incompetent management, neither, or both, but they were lapped by players like nCipher, Luna (now part of SafeNet), Utimaco, even Thales, which focuses on serving the credit card transaction market but doesn't have things like Diffie-Hellman key exchange because VISA and Mastercard don't require them, and yes, even the old low-cost option, Eracom (bought by Safenet in order to do away with a pesky competitor).

    --
    "It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
  12. Re:ok mr. paranoid by bridson · · Score: 2, Insightful

    Actually I'd hope it's because she is honest.

  13. Really Unlikely... by fixer007 · · Score: 2, Interesting

    I work at a 'switch' that the article describes. It would be REALLY hard to do what they are describing, even having inside access. Not to say it couldn't be done, but the person doing it would have to have some serious clearance to get access to the HSM and the system it is on. If they do have that kind of access, it is pretty unlikely that they have the technical know-how to go about doing what the article describes.
    Usually the people that have the technical know-how don't have userid's or passwords to the production system, never mind the HSM.

    I would be much more worried about someone with a hidden camera getting your PIN in a gas station than this. A lot cheaper and easier to pull off.

  14. You don't need ID by Mr2001 · · Score: 2, Informative
    "I can't tell you how many times I've had cashiers ring up a sale without ever even looking at either my ID or my signature on the back of the credit card."

    They're supposed to check your signature, but not your ID.

    Remember those Visa Check Card commercials from a few years back, where some easily recognizable celebrity would walk into a store without his ID, try to pay for something with a check, and be frustrated when the clerk couldn't recognize him? The point was you don't need ID when you pay with Visa, you just need your signature. In fact, it's against Visa's merchant rules for a store to require ID with a purchase: they can ask, but if you refuse, they still have to go through with the transaction. (If they won't let you pay without ID, call (800) VISA-911 and file a complaint.)
    --
    Visual IRC: Fast. Powerful. Free.
  15. This is highly unlikely by marcgvky · · Score: 3, Informative

    I personally have experience configuring the HSM's and implementing the types of security referred to in this article. To understand how unlikely this hack is, I would have to go into a deep conversation with regard to how these HSM's are supposed to be configured and implemented. The brief version: Typically, PIN's are stored by your card issuer ONLY in their encrypted format. The keys that do the encryption are stored in the HSM and SHOULDN'T be exportable. When you enter your PIN at a POS or ATM, it is 3DES encrypted and sent over the wire as an encrypted pin block (EPB). When an inbound EPB is fed into the HSM, the originating bank pulls an encrypted version of your PIN and feeds that into the HSM. The HSM _should_ be a black box and decrypts both inside of protected memory, makes a comparison of the two PIN's, and returns TRUE or FALSE. PIN's are stored by the card issuer in encrypted form and are NEVER reversible to people. When you forget/lose your PIN, the card issuer will typically issue a new PIN. That's because they CAN'T read a PIN. The PIN is DES encrypted by a symmetric 128-bit key that is encrypted by another key which is NEVER NEVER known to any human. If this hack is proposing to repeatedly "guess" EPB's until they get one right, or do EPB->EPB translation until they get something that makes sense.... you would be better off buying lottery tickets. LOL

  16. Who knew the system was this broke? by Kadin2048 · · Score: 2, Interesting

    My thoughts exactly.

    There must be some reason (I hope) but the security model that they're describing in TFA seems horribly flawed. It depends purely on the security of some black-box hardware modules embedded at different points in the system.

    Basically, what they're saying is that there's no end-to-end encryption of your "PIN block" (PIN+Account number, don't ask me why they're transmitted together instead of separately with some random transaction identifier). Instead, the ATM encrypts it for the next machine in the network, where it's decrypted and re-encrypted inside an (assumedly secure) hardware module. Then it's passed to the next link in the chain, ad infinitum.

    This wouldn't be bad, if the ATM first encrypted the PIN block using the public key of the eventual destination bank -- after all, the intermediate machines have no reason to actually know your information, they're just shuffling bits. However, to just use this transmission-level wrapper without actually encrypting the data seems horrifically stupid. It's nothing but 'security through inconvenience.' (It's not exactly even obscurity, since people seem to know how the system works, they just make it inconvenient to intercept the information by making the places where it's unencrypted relatively small.) From a crypto perspective, it's a broken system.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."