European Credit and Debit Card Security Broken
Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an identification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
Seems like the problem with this system is that the PIN is stored on the chip... and that's just as stupid as writing it on the card! The attacks are simple... either a card that always agrees the PIN given is correct, or a terminal that tries to authenticate all 10,000 PINs and then learns the right one.
Payment processors have for years been wanting to have an offline secure system, but it just doesn't work. With cheap enough data systems available everywhere, it's not hard for every Wal-Mart and most rural gas stations to see a satellite. Get a $20/mo. dial-up account if you have to... there's no reason for anything that does money to be off the grid.
If the PIN is stored online like traditional ATM cards, then there would be a quick way to be sure there's honest checking of the PIN and alarms if somebody fails too many times. The American "contact" systems are actually reasons to not require a signature or a PIN... but those are also designed for small-dollar transactions and keeping the fast food line moving. Sure, they're open to cloning risk, but they're willing to take that downside because there's enough upside to using the system.
They finally figured out how to bail themselves out
FTA: "The central problem with the EMV protocol is that it allows the card and the terminal to generate ambiguous data about the verification process, which the bank will accept as valid... while a PIN must be entered, any PIN code would be accepted by the terminal."
That's a serious flaw. You've got to insist on data being valid if you are going to record it as valid.
It's a good thing that we don't rely on ambiguous data in any other part of life.
... blame Python! :)
Generally, bash is superior to python in those environments where python is not installed.
Isn't Europe the same place where you can check yourself onto a plane with your RFID passport, even if you've cloned the chip and replaced the identity with Mickey Mouse?
The researchers used off-the-shelf components (PDF), and a laptop running a Python script...
It is long past time for governments to criminalize the use of Python.
Chip & Pin has never been about minimising fraud - it's about pushing the responsibility from the banks onto the customers. And they're doing the same thing with the ridiculous Verified By Visa programme which just trains people to fall for phishing scams.
This is not news.
This is the way the system was designed.
It was designed to be shitty and insecure so fraud could continue.
It was sold as being highly secure in order to get them into widespread use and to get the laws set up to remove all liability from the banks as long as the system says the card is good.
The banks profit off of fraud.
This is all intentional, and it has been going on in criminal circles with these cards before day one. The only difference now is that some group has publicly revealed the sordid details.
"The researchers said the engineering and programming skills necessary to make a man-in-the-middle device to conduct the attack are elementary."
Why a four year old child could understand this.
Run out and get me a four year old child,
I can't make head or tail out of it.
Groucho in Duck Soup (movie)
Leave it to an English university to focus on phish and chips...
well done Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
please don't sell out now!
make sure that they publish their new system and do so in an open and transparent way!
regards
John Jones
http://www.johnjones.me.uk
P.S. I wonder what they 'purchased'
You got the WRONG continent.
Yours In St. Petersburg,
Kilgore Trout
Agree that these "security systems" are about dodging liability rather than providing good security. Of course, another big benefit to the bank is that it makes it much harder to transfer money over small amounts, say $1000, if you can't go to the office physically or don't use their "verification card". Money that the banks won't give back easily.
According to http://www.visa.ca/chip/cardholders/emvstandard/index.jsp, the EMV Chip & PIN standard is also used in Canada, not just Europe.
If they were smart enough to do that they wouldn't be in the mess to start with. Fucking wops.
Thank you for confirming the stereotype of American
1) arrogance,
2) redneck-ism,
3) ignorance of domestic issues,
4) ignorance of foreign issues, and
5) racism
in a mere 19 words. If there was a Nobel Prize for dumbest twat, you'd be a shoo-in.
This has been known for years. The machines and man-in-the-middle attacks are obvious, simply because you cannot verify the authenticity of any machine that you stick your card into and type your PIN. You have no clue that any one of them is doing what you think it should be doing. ATM machines are bad enough, but at least there is some sort of trust over the fact they are at a fixed point and there is some form of physical security around them. With chip and pin machines all you have is utterly blind faith that you have no choice but to accept, and then you get blamed for being insecure by the banks when the inevitable happens.
What have we heard about this in the mainstream press and media? Nothing. People, and those with a vested interest, obviously just want to deny that it can happen.
Use Cash.
You know what helps you sound informed and intelligent? Reading the article. You know what makes you sound, well, silly? Not reading the article. Here's a clue to spark your interest: it isn't the card readers that are performing the man in the middle, it is the person in possession of the card performing the attack against a standard card reader.
Is to include the PIN entered in the data encrypted and MAC'd by the card (this is sent to the bank).
Then the bank could verify that the correct PIN was entered when authorising the transaction.
The python developers will change the interpreter and libraries, everyone will get fed up and just use the next big thing instead.
I predict Lua.
http://www.youtube.com/watch?v=U1QAnb-wnTs ohhhhhhhhhhhhhhh CHIP AND PIN FAIL
"The FPGA board was connected to a Maxim 1740 interface chip, which was linked via thin wires to a fake card, used for insertion in the terminal." so, we'll have to hand over our card for the cashier to swipe.
Security was broken when EU agreed to give all European banking data to USA ;-)
Thankfully this was discovered in 2006 by the press, and the EU government decided to stop this.
and a laptop running a Python script
So, classify Python as a criminal tool, problem solved.
(the rule that you have to mention Python at every possibility cuts both ways).
and this actually happens quite a bit, we usually pay out unless
it matches the customer's spending pattern,
they tell us they kept the PIN with the card,
a family member was doing it.
I'm just curious as the article summary and article don't mention (I guess the PDF might, but from the article's description, it isn't clear)...
Do they still need the card?
The article seems to describe the attack as a man-in-the-middle attack, i.e. card -> their device -> the card reader/writer. So the card instigates all the important bits (which bank account number, etc.), and then their device sends back an 'OK' to the card reader/writer, happily ignoring the PIN part.
But does that mean they do still need to have a card? Or could they easily make their own card with the details of whoever (let's say they grab the bank account # off of some business registry website), and then go ahead and perform transactions with it + their device?
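To make the card -> device -> terminal exchange concrete, here is a small Python model of the wedge at the APDU level. It is an added example written for this thread, not the Cambridge researchers' script: the VERIFY command framing (CLA 00, INS 20, P1 00, P2 80, an 8-byte plaintext PIN block) and the 9000 / 63Cx status words follow EMV, but the Card and Terminal classes, the channel functions and the state fields are constructed for illustration, and the terminal's retry logic and the rest of the transaction are not modelled.

```python
"""Toy model of the chip-and-PIN wedge at the card/terminal interface.

Constructed example for this thread, not the Cambridge researchers' script.
The VERIFY command framing (CLA 00, INS 20, P1 00, P2 80, plaintext PIN block)
and the 9000 / 63Cx status words follow EMV; the Card/Terminal classes, the
channel functions and the state fields are invented for illustration.
"""
from dataclasses import dataclass

SW_OK = b"\x90\x00"               # success
SW_INS_UNSUPPORTED = b"\x6d\x00"  # only VERIFY is modelled here
SW_PIN_BLOCKED = b"\x69\x83"      # PIN try counter exhausted


def pin_block(pin: str) -> bytes:
    """Plaintext PIN block: control nibble 2, PIN length, digits, F padding to 8 bytes."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex(("2" + f"{len(pin):x}" + pin).ljust(16, "F"))


def verify_apdu(pin: str) -> bytes:
    """Build the VERIFY APDU a terminal sends for offline plaintext PIN."""
    block = pin_block(pin)
    return bytes([0x00, 0x20, 0x00, 0x80, len(block)]) + block


@dataclass
class Card:
    pin: str
    tries_left: int = 3
    saw_verify: bool = False    # did a VERIFY ever reach the chip?
    pin_verified: bool = False  # did the chip accept a PIN?

    def process(self, apdu: bytes) -> bytes:
        cla, ins, p1, p2, lc = apdu[:5]
        if (cla, ins, p1, p2) != (0x00, 0x20, 0x00, 0x80):
            return SW_INS_UNSUPPORTED
        self.saw_verify = True
        if self.tries_left == 0:
            return SW_PIN_BLOCKED
        if apdu[5:5 + lc] == pin_block(self.pin):
            self.pin_verified = True
            return SW_OK
        self.tries_left -= 1
        return bytes([0x63, 0xC0 | self.tries_left])  # 63Cx: x tries remaining


@dataclass
class Terminal:
    cvm_results_pin_verified: bool = False  # what the terminal will report to the bank

    def verify_pin(self, channel, entered_pin: str) -> bool:
        sw = channel(verify_apdu(entered_pin))
        self.cvm_results_pin_verified = sw == SW_OK
        return self.cvm_results_pin_verified


def honest_channel(card: Card):
    """Terminal talks straight to the chip."""
    return card.process


def wedge_channel(card: Card):
    """Man-in-the-middle: answers VERIFY with 9000 itself, forwards everything else."""
    def send(apdu: bytes) -> bytes:
        if apdu[1] == 0x20:
            return SW_OK          # the chip never sees this command
        return card.process(apdu)
    return send


def run(card: Card, terminal: Terminal, channel, entered_pin: str) -> dict:
    """Return the two parties' views after one PIN verification."""
    ok = terminal.verify_pin(channel, entered_pin)
    return {
        "terminal_believes_pin_ok": ok,
        "card_saw_verify": card.saw_verify,
        "card_verified_pin": card.pin_verified,
        "tries_left": card.tries_left,
    }


if __name__ == "__main__":
    genuine = Card(pin="1234")
    print("honest, wrong PIN :", run(genuine, Terminal(), honest_channel(genuine), "0000"))
    genuine = Card(pin="1234")
    print("wedged, wrong PIN :", run(genuine, Terminal(), wedge_channel(genuine), "0000"))
```

With the honest channel a wrong PIN costs a retry and the terminal records failure; with the wedge the terminal records "PIN verified" while the chip's try counter never moves and it has no idea a PIN was ever entered. As in the post above, the genuine card still has to be behind the device: only VERIFY is swallowed, everything else (and, in the real transaction, the cryptogram generation) still goes to the chip.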
I was under the impression that one big reason for introducing Chip and Pin was to avoid the cashier handling the card. A big source of card fraud was bent cashiers photographing or copying the cards as they swiped them in the machines, using chip and pin means no-one else touches your card therefore negating another level of insecurity.
The article states that the banks don't accept liability for a transaction performed with PIN. This is true, however the liability isn't pushed to the consumer, it is accepted by the card issuer instead (i.e. Mastercard, Visa etc.).
I also disagree with their assertion that chip and PIN is fundamentally broken. EMV requires the card to generate a cryptogram at the end of the transaction. The card can simply refuse to generate this data if it hasn't received the correct PIN. I am a little surprised that the cards they tried don't do this already.
Some people here have suggested that the PIN be authenticated online. The EMV standard actually supports online authentication of PIN, it's just that some banks choose to issue cards that use a PIN that is verified by the card instead because they don't have the systems in place to support online verification. Many banks
For all the people saying that the designers of the system don't know what they are doing I suggest they read the specifications (freely available on the EMVCo website). They are actually quite good and do support pretty much all of the improvements people here have suggested (and more). The problem is they need to be practical as well, something that most comments here don't consider. There is no point designing a foolproof system that no-one can use.
This hole can be removed and it most certainly will be if criminals start to exploit it.
EMV is an International standard implemented on ALL continents. Not just Europe. It was designed by two major US companies (Visa and MasterCard) and a small European one (Europay).
So no, it's not a European standard. EMVCo: http://www.emvco.com/
And by the way, US is the only country with no plan to implement this standard that was imposed to the rest of the world. Why?...
Nice attack (and it seems pretty simple, actually). I wonder what dimwit decided it was a good idea not to authenticate the card's "PIN OK" success message in any way...
Verified By Visa came up here recently.
The critical passage from the PDF is this one:
One goal of EMV was to externalise the costs of dispute from the issuing bank, in that if a disputed transaction has been authorised by a manuscript signature, it would be charged to the merchant, while if it had been authorised by a PIN then it would be charged to the customer. The net effect is that the banking industry, which was responsible for the design of the system, carries less liability for the fraud. The industry describes this as a 'liability shift'.
Security economics teaches us that such arrangements create "moral hazard," by insulating banks from the risk of their poor system design, so it is no surprise when such plans go awry.
The main security fraud taking place here is duping the customers (and the courts) into thinking there's any security associated with the PIN protocol in the first place.
Let's make this clear to the court, in terms they might be able to comprehend.
Let's say you have a band of tax evading Massachusetts patriots concerned with the migratory cycle of lobsterbacks. They approach a fellow named Paul and tell him that they have set up a special tower with a lantern and then hand him the key and some simple instructions, along with the parting shot "don't F this up, we know where to find you!"
Later, the patriots spy the wrong single lantern signal from the vague proximity of the special tower, make the wrong decision, and America drinks tea forever after. The patriots are pissed. Paul, you F-ed this up! You were the only one with the key to the signal tower.
To which Paul replies:
What colour was the lantern light you witnessed?
Same as any other lantern, you dolt!
Did you tell anyone about the protocol who might abuse it?
No of course not! We've never told anyone who doesn't hold a key.
And how many keys did you give out?
Oh, about a billion.
And you could clearly identify my tower on a dark night?
Absolutely. It was the only lantern light clearly displayed above the horizon in your general direction.
What if it wasn't my lantern?
Impossible. You had the only key.
It'll be a rough night for the EMV consortium if they are ever visited by the ghost of patriots past, who would likely take a pretty dim view of the institutional foolishness on display here.
One of the selling points of this system is that you DON'T need to let your card leave your sight, or even your hand, as before when magnetic strips were used that was good indication of having your card copied.
The terminal you put your card in is usually wireless or has a long cord so you can pick it up to better hide your PIN when you enter it. This makes using a card with wires going up your sleeve quite easy to get away with, and keeping hold of the card is not unusual behaviour that would arouse suspicion. See the BBC video here:
http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html
Credit cards have always had this problem.
The reason this works with credit cards is little or no checking is done at the place of purchase. It is expected that the customer will check their monthly statement and notify the bank / credit company of any issues.
"The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
Oh some Americans already have a similar system. It's called Ball and Chain. Courtesy of this system there's little fraud because all transactions are wife approved.
To actually be secure, the card and the terminal would need to generate a shared secret in a way immune to a MitM attack, which can only reasonably be done with a certificate and a certificate authority (or other public key infrastructure), just as is done with HTTPS.
They could use Diffie-Hellman key exchange to generate a shared secret such as a symmetric encryption key. But this might be beyond the ability of the chip.
You can buy stuff online just by giving numbers written on the card...
It's nothing new that SDA EMV cards are vulnerable to this kind of attack. I'll tell you even more, it's quite easy to copy an SDA card. DDA cards have no such security issues. If they think they'll receive a PhD thanks to this paper they're wrong.
so just had a quick look and this is all done with a fake card wired to a computer... i.e. not very practical in reality.
it's very common for the merchant to take back the terminal once you've entered the PIN, print off the receipts, then hand your card back to you with your receipt; at this point they may notice the wires dangling from your sleeve.
the only reliable places where this wouldn't happen are large retail stores and newsagents that have installed the static terminals.
so as long as you stick to:
1) I hand you my card
2) you keep it in my sight and also check for "omg wires!"
3) I enter my PIN
4) you complete the transaction and return my card
everything should be sweet.
just saying...
The idea of forcing people to enter PINs into any machine controlled by a retailer was ridiculous from day one - the supposed extra security of Chip & Fraud was merely a way for the banks to transfer liability for fraud to the customer. (Happily the FSA has now forbidden them to do this unless they have actual genuine proof that the customer gave away their PIN - well done guys, springing into action after only 4 years of complaints).
This is normally printed on the receipt and either sent online to the bank or uploaded later in a batch transfer. If the system has been implemented sensibly it shouldn't be difficult to prove that this has happened. For an online transaction I don't really see how it can happen at all in a well implemented system.
Calling EMV broken is laughable. First, EMV supplies a variety of options that are scalable in complexity and security. For example SDA: EMV covers the possibility of a static authentication. Is it safe? Not really. Replay attacks are super easy.
About the attack these guys use: DDA, that means dynamic authentication, where unlike SDA the cryptogram is not static, meaning that replay attacks are not possible. HOWEVER it does not prevent WEDGE attacks or man in the middle, whatever you want to call it. This DDA weakness, as the SDA weakness, is documented; I'm reading it right now in one famous card issuer company (TOP3), that even don't allow cards issued with DDA and SDA, and this document is 4 years old.
There is a 3rd option, CDA, which avoids both MITM and replay attacks. It's very similar to DDA, but adds one level of security: it puts all the sensitive data INSIDE the cryptogram, including the PIN OK verification. This guarantees that the PIN OK comes from the card, as the card is the only one that can generate the cryptogram (private key), making this kind of attack impossible without cracking the private keys.
Concluding, it's the issuer's responsibility to implement the best options AVAILABLE (EMV offers various options of security level vs complexity) for the level of security their needs require.
The weakness here is TOTALLY the issuer's fault.
PS. This is not a genius attack, it's a well-known fact to EMV, it's not a dirty secret. Making news of this is just... weird. Take it from a guy who actually works with the stuff.
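Both the post above and the earlier suggestion in this thread to put the PIN result inside the data the card MACs come down to the same check at the issuer: compare what the terminal claims about the PIN against what the card itself authenticated. The Python below is an added illustration of that check, not code from the paper, from EMVCo or from any issuer: real ARQCs are 3DES MACs over TLV-coded data and the card's verification results live inside the Issuer Application Data, whereas here HMAC-SHA256 truncated to 8 bytes stands in for the cryptogram, and the byte layout, the flag value, the key derivation, the sample key and the sample PAN are all constructed for the example.

```python
"""Issuer-side cross-check of terminal CVM Results against the card's own record.

Added example, not the paper's or any issuer's code. HMAC-SHA256 truncated to
8 bytes stands in for the real 3DES ARQC; the data layout, flag bit, key
derivation, master key and PAN below are constructed for illustration.
"""
import hashlib
import hmac

# Constructed secrets and identifiers (not a real key or a real card number).
ISSUER_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PAN = "4111111111111111"

# Hypothetical flag in the card's own verification results (stand-in for CVR bits).
CVR_OFFLINE_PIN_VERIFIED = 0x01


def card_key(pan: str) -> bytes:
    """Toy per-card key diversified from the issuer master key (stand-in for EMV key derivation)."""
    return hmac.new(ISSUER_MASTER_KEY, pan.encode(), hashlib.sha256).digest()


def card_generate_arqc(key: bytes, amount_cents: int, unpredictable_number: bytes,
                       offline_pin_verified: bool) -> tuple[bytes, bytes]:
    """The chip MACs the transaction data together with its *own* view of the CVM.

    Layout (constructed): 6-byte amount | terminal unpredictable number | 1-byte CVR.
    """
    cvr = CVR_OFFLINE_PIN_VERIFIED if offline_pin_verified else 0x00
    data = amount_cents.to_bytes(6, "big") + unpredictable_number + bytes([cvr])
    arqc = hmac.new(key, data, hashlib.sha256).digest()[:8]
    return data, arqc


def cryptogram_valid(key: bytes, data: bytes, arqc: bytes) -> bool:
    expected = hmac.new(key, data, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(expected, arqc)


def naive_issuer(pan: str, data: bytes, arqc: bytes, terminal_says_pin_verified: bool) -> str:
    """Behaviour the attack relies on: good MAC => approve; CVM Results never cross-checked."""
    if not cryptogram_valid(card_key(pan), data, arqc):
        return "DECLINE: bad cryptogram"
    return "APPROVE"


def checking_issuer(pan: str, data: bytes, arqc: bytes, terminal_says_pin_verified: bool) -> str:
    """Cross-check: the terminal may not claim a PIN the card never saw."""
    if not cryptogram_valid(card_key(pan), data, arqc):
        return "DECLINE: bad cryptogram"
    card_says_pin_verified = bool(data[-1] & CVR_OFFLINE_PIN_VERIFIED)
    if terminal_says_pin_verified and not card_says_pin_verified:
        return "DECLINE: terminal reports offline PIN but card never verified one"
    return "APPROVE"


def authorise(issuer, terminal_says_pin_verified: bool, card_verified_pin: bool,
              amount_cents: int = 1500, unpredictable_number: bytes = bytes.fromhex("deadbeef")) -> str:
    """One online authorisation: the card builds the ARQC, the terminal adds its CVM claim."""
    data, arqc = card_generate_arqc(card_key(SAMPLE_PAN), amount_cents,
                                    unpredictable_number, card_verified_pin)
    return issuer(SAMPLE_PAN, data, arqc, terminal_says_pin_verified)


if __name__ == "__main__":
    # Wedge scenario: terminal believes a PIN was verified, chip never saw VERIFY.
    print("naive issuer, wedged   :", authorise(naive_issuer, True, False))
    print("checking issuer, wedged:", authorise(checking_issuer, True, False))
    print("checking issuer, honest:", authorise(checking_issuer, True, True))
```

The naive issuer approves the wedged transaction because the cryptogram really was produced by the genuine chip; the checking issuer declines it because the authenticated CVR byte says no PIN was verified while the terminal's CVM Results say one was. Cards that would rather refuse to produce a cryptogram at all when no PIN was presented are the other option mentioned in the thread; either way, the fix is that the PIN outcome has to be bound to data only the card can authenticate.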
I'll take Fish and Cushion over them any day of the week...
So would this attack be called phish and chips?