Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org)
An anonymous reader writes: When in 2010 a team of computer scientists at Cambridge University demonstrated how the chip and PIN system used on many modern payment cards can be bypassed by making the POS system accept any PIN as valid, the reaction of the EMVCo and the UK Cards Association was to brand the attack as "improbable." After all, the researchers used a bulky tech setup that had to be carried around in a backpack but, as it ultimately turned out, a year later an engineer based in France found a less obvious way to perform the attack.
Improbable anybody would do it...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
We didn't lock the door because we didn't think anyone would try the knob? Hope somebody's head rolled for this incompetence!
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article:
https://krebsonsecurity.com/20...
"0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."
If you read TFA, you'll see that the issue exists because people wanted the card to be able to be used without the PIN present, presumably in cases where a PIN terminal wasn't available. All that the hack does is convince the card to process the transaction as if it was a chip-and-signature transaction, which most places can choose to trigger by hand.
As long as you want cards to work without the PIN, they will be vulnerable to being told to work without the PIN. That's just a fact, unfortunately.
The other benefits of chip transactions, the best of which is that each transaction is unique rather than simply a relay of TRACKDATA with a M_ID and an amount attached to it (basically making stolen card transmissions worthless instead of the current "just as good as a real card"), still remain and are highly significant.
You're special forces then? That's great! I just love your olympics!
It looks like the way it works is that you just ask the chip if the PIN was OK or not. They bypassed it by putting a chip above the one from the stolen card that just always returns OK.
This is clearly a bad way to design a security protocol.
Is it a rerun of the YesCard story from year 2000?
A French engineer named Serge Humpich managed to make fake credit cards that could fool offline terminals no matter what PIN was entered.
I'm not the least bit sold on the security of these new cards. I had one issued to me by my bank a couple months ago, and the card was nonetheless compromised within a month. I made exactly one POS transaction with it at a chip terminal (several at non-chip terminals) and all of a sudden someone else decided to pay their cell phone bill with my card.
Rather unsurprisingly said cell phone company didn't give a flying fuck about the fraud and refused to be the least bit helpful. Now I have to pay my bank to go after it.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
You'd think it would be obvious, but an attack never gets less good over time.
Of course the research attack was large and bulky. It had a full laptop in a backpack and a bunch of not very dense electronics and stuff since it was part of a research demo. Research demos are generally the minimum required to prove that something works.
Once an attack has been found the only vaguely sensible thing to assume is that it gets better, easier and more slick over time.
Then again, the banks were idiots in the first place and tried legal threats to keep it quiet. Because as we all know that makes security holes vanish.
SJW n. One who posts facts.
Chip&PIN has always been broken. We're already moving to systems such as Google Wallet / ApplePay, which (whether or not they actually are secure) at least have the theoretical potential to be secure - something which Chip&PIN could never claim.
-- 'The' Lord and Master Bitman On High, Master Of All
Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article
The CC number would have been compromised. But the PIN would be secret. The whole point of the PIN is that the CC# alone is not enough to complete a transaction.
Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article: https://krebsonsecurity.com/20... "0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."
Correct. Chip & PIN would not have solved anything.
To provide an example... I used my Chip card the other day. The vendor was having an issue with their chip reader, so the POS operator put in an override to allow it to be swiped. So another easy way to bypass the chips? Make a hack that makes the system think the reader is unusable.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
"0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."
That "article" is painfully lacking in details. End-to-end encryption (E2EE) was already in use. But it was from the POS to the bank. The Target hack involved attacking the POS terminal and copying the information before it was encrypted. These new chips do nothing to prevent this, because the POS is still handling encryption (at best). True end-to-end encryption where the encryption is in the chip would fix this problem, but it doesn't exist yet. reference
This doesn't seem to be right. To make online transactions you need the CCV number on the back of the card. That number is not normally transmitted when you make a chip-and-pin payment. At least, that's the way it works in Europe, maybe the US chip-and-pin system is different.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
This system was hacked years ago by a handful of teenagers trying to get more minutes on their public phone calling cards (when cellphones were not as popular as they are today). The method was exactly the same: strip an already used card of the circuit logic and file it so it fitted alongside a good card. This made the phone charge the funds but not update the remaining funds on the good card; rinse and repeat. Chip and PIN is, of course, not secure, but at least it beats (if by little) the chipless cards that are way easier and cheaper to clone.
Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article:
https://krebsonsecurity.com/20...
"0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."
Since Krebs doesn't get it, for the benefit of Slashdot: the information he describes as a failure of the system, the card number, name, and expiry, are all meant to be open access, by design. If you don't understand why this is a good thing, read the spec.
Improbable in computer security means inevitable. Impossible means it cannot be done - yet.
To make online transactions you need the CCV number on the back of the card.
It's not a universal requirement, and many sites don't even ask for it.
I've noticed that many of the terminals that are being used for chip-based transactions in the US have an exposed USB port on them. Seems to me that's a likely entry into the system that will make for a future really big breach.
But kind of a moot point, since in the US there is no "PIN" to go along with the chip. It's just chip and sign; you don't have to come up with nor remember a PIN for each credit card you have and use with the new system here.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Merchants can pick what level of card security they use online. The best possible is 3D-Secure and friends, which involve the user authenticating to their bank when a card transaction is made. But some merchants don't like the additional complexity and overhead it adds to the purchasing process; they prefer to do their own risk analysis and bug the user less... possibly swallowing the fraud if they let it through. Amazon famously doesn't ask for the CVV code because they think they can sell more if they avoid it, and they are confident in their own fraud detection abilities.
Criticising EMV for not preventing skimmed Target details from being used online is kind of dumb, given that it wasn't designed to protect internet transactions at all.
Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article: https://krebsonsecurity.com/20... "0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."
Except that chip cards don't provide the same card number for every transaction. In an EMV transaction the cashier requests that the terminal read the chip. Data from the chip gets sent to the processor. The processor sends data back to the card, which is then used to perform an action on the chip. Once the chip is done, it sends all of the information needed to capture the transaction to the processor. But it does not contain the actual card number.
EMV transactions all contain cryptograms with the card number. Target would only be able to see, at most, the first 6 digits and the last 4 digits of every card. Target would not have had anything to compromise. The processor would have had information that would be usable once to complete a single transaction. The card could not have been cloned. The card number could not have been reused in an online transaction because it would have been marked as a duplicate and fraudulent transaction. So therefore, chip and pin would have protected everyone in the Target breach. That's assuming an actual EMV spec transaction occurred. The back and forth communication between the card chip and the processor is the reason that the card must be left in during the transaction.
This doesn't seem to be right. To make online transactions you need the CCV number on the back of the card. That number is not normally transmitted when you make a chip-and-pin payment. At least, that's the way it works in Europe, maybe the US chip-and-pin system is different.
The CVV can be read, in clear text, from the terminal data. It is not encrypted. While they do not need to store the CVV data separately from the encrypted card data, Target could still have access to this info.
At least this hack requires the criminals to steal the actual card (rather than just skimming information from a real card when the owner lets you borrow it). I think 2-factor authentication is good and it's too bad this system failed, but the original mechanism of preventing unauthorized use without physical access to a real card seems to be working pretty well.
We in the US have chip and signature, and are therefore immune to any such attack involving a PIN.
Except we don't use PINs online anyway.
Since Slashdot is useless, I'll post a summary.
http://www.net-security.org/im...
Stolen chip with malicious chip soldered on top. No idea why you need a second stolen card for the body as shown in the image.
Malicious chip MITMs the POS PIN challenge and says it's all good. Malicious chip in this case is a "FUNcard" chip. Basically a generic system you can buy for your laundromat, arcade, carnival, whatever.
This was done in France in 2011. EMVCo claims they've fixed this or made it harder. They won't say how. No one believes them.
What's even more ridiculous is that no merchant in the US validates the signature. You just sign it and it's instantly approved, because it costs too much time to hand over the card to the clerk and make him or her verify the signature.
In China, however, you use:
1) A 6-digit PIN by default (Europe is usually 4-digit PIN, and often cannot be changed from the PIN assigned by your bank)
2) A signature on the merchant copy of the receipt
3) The clerk verifying the signature
Fraudsters will improve the hardware. Eventually a shim will be made that is barely visible, interposes a chip to intercept and alter messages, and the cycle continues.
Terminal makers are probably working on reducing the tolerances for card thickness to defeat this shimming.
And as cards move to non-embossed plastic, this will be a problem until all embossed cards are gone. Then the slot will be thinned, and the shim will be harder to make. Possibly the cards will be shaved to permit a shim on the top. Expect such cardstock to become contraband, or someone to step up and make an unrelated card payment system to justify manufacture, avoiding the criminalization of shaved cards as the source of shimmed cards.
Possibly even trying to restrict the use of EMV-compatible connector pads.
All futile.
deleting the extra space after periods so i can stay relevant, yeah.
The skimming could still take place but the card can't be cloned. Cloning is the majority of card-present fraud and the chip effectively eliminates it.
Rational thought is the only true freedom
The answer to that appears to be technically yes, but practically no. The PDF of the forensic analysis says that not all of the card standard was implemented on the funcard.
First, it did not respond properly to parity errors in the data stream from the POS. The document says that "coding, testing, and deploying this countermeasure took less than a week." -- This means that POSes are updated or being updated to inject parity errors into the transaction to see if the card responds to them properly, an easy firmware fix for the hack to circumvent.
Second, the PDF says that the card responded incorrectly to a VerifyPIN command sent outside of a transaction context, which the standard requires (the PIN associated with the last transaction), and that "coding, testing, and deploying this countermeasure was done overnight." Again, something an attacker could address with a simple firmware update.
The document also says that "four other software-updatable countermeasures were developed and tested, but never deployed. These were left for future fraud control, if necessary."
In other words they found even more vulnerabilities but did not implement the fixes, choosing to wait until after they're exploited to do something about it.
Well, the idea is that once there are enough chip readers out there, then banks don't need to accept numbers and expiration dates as valid authentication anymore. People can even get chip readers in their homes for instantly authenticated online purchases.
So a deadbolt on your front door is not going to keep a burglar from going into the back door you left open, but that doesn't mean your deadbolt isn't secure, it just means you need another deadbolt on your back door too.
It doesn't count as "chip and pin" if the hack involves bypassing the use of the chip and pin. A safe can't protect any items that aren't actually in it.
The card number isn't supposed to be secret. It's stamped on the front of the card, for cryin' out loud!
The whole point of the chip is to provide a public key token that can be verified against a private key. The issuer holds the private key. The chip contains a public key that generates tokens that can be verified by either the public or private key. The terminal submits an account number (card number, not secret) and a key token generated by the card-present chip (also not secret, just unique to the transaction).
The account/card number is simply an identifier. It's the "something you are" part of the security trio. It identifies who you are claiming to be. It's not secret or secure at all, and isn't (correctly) assumed to be so.
The chip is card-present verification. It's something you have. It authenticates the identity of the account by proving that you're holding the physical card at the time of the transaction. It's very secure.
The PIN is account-holder-present verification. It's something you know. It attempts to show that the purchaser is authorized to make this purchase. It's only as secure as the person that knows the PIN. If they're smart, they don't acknowledge they even have a PIN. If they're under duress, they divulge the PIN. If they're stupid, they give the PIN to anyone they feel comfortable with. People are not secure. Giving people a security token, like a PIN, and expecting them to not fuck up is a recipe for disaster. Everyone is better off assuming that all PINs are compromised.
Identity. Authentication of identity. Authorization for further action. Three steps. Something you are. Something you have. Something you know. This is well established security protocol.
Banks just don't care about the PIN because the laws in the US are structured so that it's never(*) the cardholder's fault. So this part is basically bypassed because it's meaningless in the US. It provides no protection to anyone. Zip. Zilch. Nada. So why bother people with it when it's pointless? So sign your "name" and call it good enough. It's no worse than ACH, and we don't hear self-righteous Europeans asking for an overhaul of that in the US, now do we?
And that brings us back to the "all PINs are compromised" assumption. If you make that assumption, then the US laws are correct and the European ones are deeply flawed. And why bother with always-compromised PINs when you can just retroactively validate against a signature with varying degrees of accuracy?
Screw Europe. They're doing it wrong.
(*) Well, not "never", but so close to it that banks just assume "never".
That's one of the first lessons in secure programming I was taught.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
This is even more silly: where I live, if you simply put your card in backwards, the reader will say read error, ask you to swipe, then ask you to put the card in again; if you put the card in backwards again it will ask you to swipe and accept that. Yes, you need to know the PIN, but you don't need the chip.
It reminds me of Microsoft Bob's security if you entered your password wrong 3 times it would ask if you wanted to change it.
We just don't like to acknowledge them and prefer to kid ourselves into thinking were a meritocracy...
Chip and Signature should help reduce card cloning attacks because unless the cryptographic key on the chip can be read the application request cryptograms will never be correct so the transactions will be flagged.
Cloning has been done in the past:
* https://www.lightbluetouchpaper.org/2012/09/10/chip-and-skim-cloning-emv-cards-with-the-pre-play-attack/
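The cryptogram argument made in this post (and in the earlier reply about EMV transactions carrying cryptograms with the card number) is easiest to see in code. This is an added, simplified model, not anything from the thread or from the EMV specification: real EMV derives a per-transaction session key from a card master key and computes a 3DES/AES MAC, while HMAC-SHA256 stands in for that here; the card number, key and amounts are constructed test values. It shows why a captured authorisation message, even though it includes the card number, cannot be replayed, altered or produced by a clone that lacks the chip's key.

```python
import hashlib
import hmac
import os
import struct


def build_cdol(amount_cents: int, unpredictable_number: bytes, atc: int) -> bytes:
    """Serialise the data the cryptogram covers (constructed layout, not the EMV CDOL)."""
    return struct.pack(">Q", amount_cents) + unpredictable_number + struct.pack(">H", atc)


class Card:
    """A chip holding an issuer-shared secret key and a transaction counter."""

    def __init__(self, pan: str, key: bytes):
        self.pan = pan    # printed on the card, travels in the clear, not secret
        self._key = key   # never leaves the chip
        self.atc = 0      # Application Transaction Counter, increments per transaction

    def generate_arqc(self, amount_cents: int, unpredictable_number: bytes) -> dict:
        """Return the message the terminal forwards: PAN, ATC and the cryptogram."""
        self.atc += 1
        data = build_cdol(amount_cents, unpredictable_number, self.atc)
        mac = hmac.new(self._key, data, hashlib.sha256).digest()[:8]
        return {"pan": self.pan, "atc": self.atc, "arqc": mac}


class Issuer:
    """Holds each card's key and the highest ATC it has accepted for that card."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}
        self._last_atc: dict[str, int] = {}

    def enrol(self, pan: str) -> Card:
        key = os.urandom(16)
        self._keys[pan] = key
        self._last_atc[pan] = 0
        return Card(pan, key)

    def authorise(self, msg: dict, amount_cents: int, unpredictable_number: bytes) -> str:
        key = self._keys.get(msg["pan"])
        if key is None:
            return "DECLINE: unknown card"
        # Recompute the cryptogram over what the terminal says happened; any change to
        # amount, unpredictable number or ATC, or a key the chip does not hold, fails here.
        data = build_cdol(amount_cents, unpredictable_number, msg["atc"])
        expected = hmac.new(key, data, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, msg["arqc"]):
            return "DECLINE: bad cryptogram"
        # A byte-for-byte replay carries a valid MAC but a counter already consumed.
        if msg["atc"] <= self._last_atc[msg["pan"]]:
            return "DECLINE: replayed ATC"
        self._last_atc[msg["pan"]] = msg["atc"]
        return "APPROVE"


def demo() -> dict:
    """Run the genuine, replayed, tampered and cloned cases; returns the outcomes."""
    issuer = Issuer()
    card = issuer.enrol("4111111111111111")  # constructed test PAN
    un = os.urandom(4)                      # terminal's unpredictable number
    msg = card.generate_arqc(1999, un)      # a genuine $19.99 purchase
    results = {"genuine": issuer.authorise(msg, 1999, un)}
    # The same message, as a skimmer at the POS would have captured it.
    results["replay"] = issuer.authorise(msg, 1999, un)
    # The captured message with the amount changed by the merchant side.
    results["tampered_amount"] = issuer.authorise(msg, 1, un)
    # A "clone" that knows the PAN and ATC but not the key inside the chip.
    clone = Card(card.pan, b"\x00" * 16)
    clone.atc = msg["atc"]
    un2 = os.urandom(4)
    results["clone"] = issuer.authorise(clone.generate_arqc(500, un2), 500, un2)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16s} {outcome}")
```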
Since the US adopted/is adopting the chip without the pin, we're already behind the curve.
It doesn't count as "chip and pin" if the hack involves bypassing the use of the chip and pin. A safe can't protect any items that aren't actually in it.
If you can bypass it then it effectively nullifies any security provided, so yes, it does count.
Even aside from that, chip+PIN is nowhere near as secure as things like Google Wallet that provide single-use card numbers for each transaction.
It's also been shown that people can completely clone a chip+PIN card, again rendering the added security null and void.
This is even more silly: where I live, if you simply put your card in backwards, the reader will say read error, ask you to swipe, then ask you to put the card in again; if you put the card in backwards again it will ask you to swipe and accept that. Yes, you need to know the PIN, but you don't need the chip.
Yeah. It doesn't save anything - just causes more headaches. They're only going after it to shift some liability.
It reminds me of Microsoft Bob's security if you entered your password wrong 3 times it would ask if you wanted to change it.
lol... kind of like a disk encryption software I used a few employers ago... if you ran out of attempts it was supposed to require the help desk to unlock it. I accidentally discovered all you had to do was reboot the computer - even a soft reboot worked, IIRC.
If you can bypass it then it effectively nullifies any security provided, so yes, it does count.
So if I try to rob a house, and I "bypass" the security system by robbing the next house over, does that mean the security system of the first house sucks?
Even aside from that, chip+PIN is nowhere near as secure as things like Google Wallet that provide single-use card numbers for each transaction.
How is this more secure?
It's also been shown that people can completely clone a chip+PIN card, again rendering the added security null and void.
Do you have a citation?
Signatures are now not accepted in Australia. Chip + Pin only (or Pay Wave).
Far better since signatures were never checked anyway.
If you can bypass it then it effectively nullifies any security provided, so yes, it does count.
So if I try to rob a house, and I "bypass" the security system by robbing the next house over, does that mean the security system of the first house sucks?
If you are able to use entry into the second house to steal stuff from the first house, then yes, the security on the first house is insufficient protection. If the two are completely unrelated, then the security of the first makes no difference.
In this case, card vs card+chip+PIN is like two homes with a tunnel between them. The first home might be more secure, but the tunnel doesn't have any security on it. So the valuables in the first house are still at risk through entry into the second house; and the guy that sold the first house to the current owners failed to mention the existence of the tunnel.
Even aside from that, chip+PIN is nowhere near as secure as things like Google Wallet that provide single-use card numbers for each transaction.
How is this more secure?
The card number is single use. If they try to use it again, it doesn't work. So it's more secure in the same way that a one-time password is more secure. Google approves the single transaction, and denies any further ones. So yes, it's actually more secure, but it also relies on NFC (Wallet+NFC, now Android Pay). It's less secure in that you're putting your bank/credit cards at a single source (Google, Apple, etc.) and then using their services to make more secure transactions with others - so a single point of failure in security. However, your card numbers won't be stolen from Target, Home Depot, Walmart, or any other vendor you do business with.
It's also been shown that people can completely clone a chip+PIN card, again rendering the added security null and void.
Do you have a citation?
here's a couple:
http://securityaffairs.co/word...
http://www.theage.com.au/it-pr... - also referenced at http://krebsonsecurity.com/201...
So yeah, if Krebs mentions it, it's probably been proven sufficiently, and likely happening.
IIRC, chip and PIN cards have service code 202 on the track data, which tells the reader to require use of the chip if the chip reader is present.
Change the service code back to 101 and it's a legacy magstripe card as far as the reader knows. Source: loop pay docs.
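The service-code downgrade described in this post is something the issuer can detect, because it knows what service code the card was issued with. The following is an added example, not the poster's or LoopPay's code: a small Track 2 parser plus the issuer-side checks a fraud rule would apply to a swiped transaction. The track strings, PAN and issuer record are constructed test values; the service-code meanings (first digit 2 or 6 means a chip is present and should be used where the terminal can) follow ISO 7813.

```python
CHIP_PRESENT_FIRST_DIGITS = {"2", "6"}  # ISO 7813 service code: IC present, use IC where feasible


def parse_track2(track2: str) -> dict:
    """Parse a Track 2 string of the form ;PAN=YYMMSSSddd...? (start/end sentinels optional).

    YYMM is the expiry, SSS the three-digit service code, the rest issuer discretionary data.
    """
    body = track2.strip().lstrip(";").rstrip("?")
    pan, sep, rest = body.partition("=")
    if not sep or not pan.isdigit() or not rest.isdigit() or len(rest) < 7:
        raise ValueError("malformed track 2 data")
    return {
        "pan": pan,
        "expiry": rest[:4],
        "service_code": rest[4:7],
        "discretionary": rest[7:],
    }


# Constructed issuer record: the service code each PAN was personalised with.
ISSUED_SERVICE_CODES = {
    "4111111111111111": "202",  # chip card, online authorisation, PIN where a PIN pad exists
    "4000000000000002": "101",  # legacy magstripe-only card
}


def check_swipe(track2: str, terminal_chip_capable: bool) -> str:
    """Issuer-side decision for a magstripe (swiped) transaction."""
    fields = parse_track2(track2)
    on_file = ISSUED_SERVICE_CODES.get(fields["pan"])
    if on_file is None:
        return "DECLINE: unknown PAN"
    # The track presented must match what was written at personalisation; a rewritten
    # service code (e.g. 202 -> 101) is altered track data, not a genuine card.
    if fields["service_code"] != on_file:
        return f"DECLINE: service code {fields['service_code']} differs from issued {on_file}"
    # A genuine chip card swiped at a chip-capable terminal is a fallback transaction,
    # which fraud rules treat as higher risk even when the data is intact.
    if on_file[0] in CHIP_PRESENT_FIRST_DIGITS and terminal_chip_capable:
        return "REVIEW: chip card swiped at chip-capable terminal (fallback)"
    return "APPROVE"


if __name__ == "__main__":
    genuine = ";4111111111111111=25122021234567890?"   # constructed, service code 202
    altered = ";4111111111111111=25121011234567890?"   # constructed, service code rewritten to 101
    legacy = ";4000000000000002=25121019876543210?"    # constructed, issued as 101
    for name, track, chip in [("genuine", genuine, True), ("altered", altered, True),
                              ("legacy", legacy, True), ("genuine/no chip reader", genuine, False)]:
        print(f"{name:24s} {check_swipe(track, chip)}")
```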
If you are able to use entry into the second house to steal stuff from the first house, then yes, the security on the first house is insufficient protection. If the two are completely unrelated, then the security of the first makes no difference. In this case, card vs card+chip+PIN is like two homes with a tunnel between them. The first home might be more secure, but the tunnel doesn't have any security on it. So the valuables in the first house are still at risk through entry into the second house; and the guy that sold the first house to the current owners failed to mention the existence of the tunnel.
Yes, it is exactly like this, if the tunnel was put there specifically for people who did not know how to properly authenticate themselves to the security system, with the understanding that the tunnel will eventually be filled in when enough people know how to properly authenticate themselves. My point is that the existence of the tunnel is not a weakness in the security system; it is a temporary tunnel specifically designed to bypass the system, and can easily be filled in whenever "we" want.
The card number is single use. If they try to use it again, it doesn't work
It's more secure than a card number that is multi-use (old mag strip cards). But it is not more secure than a chip card with no numbers at all.
here's a couple:
Your first citation describes a vulnerability in a system with an "implementation flaw", and I think the 2nd citation is describing the same implementation flaw.
In this situation I believe the problem is not with the EMV card system itself but rather individual banks' usage of the system.
This is similar to how Sony's flawed implementation of ECDSA led to the discovery of the PS3 private key. This is not a flaw in the ECDSA mechanism itself.
This is like having a really good security system and forgetting to turn it on.
You can, but basically no one has implemented Chip Authentication Program.
upon the advice of my lawyer, i have no sig at this time
As these researchers have pointed out publicly in 2010, and all the way back to the early 2000s to these chip and PIN companies, the PIN can just as easily be read out with the right equipment. It was deemed 'impractical', but as Krebs has pointed out, and the Cambridge researchers as well in a more recent post, the technology to clone the necessary card info to do other transactions exists and has been perfected to the point of being nearly invisible.
Krebs is pretty much wrong here. If EMV were employed at Target, the card numbers would not even be exposed to the POS terminals, and thus would not be available to be lifted by hackers.
Since EMV chips generate a one time token, the tokens could be lifted by BlackPOS, but either the encryption would have to be broken or the payment network (Visa/MC) would have to be hacked to back out what the original card number is.
If any non-EMV cards were used via the traditional swipe method, they could be stolen, but the point of this thought experiment is to assume EMV were used universally.
I'm glad they don't verify the signatures as I mostly use my credit card at the local grocery store. They use one of those pads for you to sign and my signature when writing on glass looks nothing like my real signature. Not to say that my signature looks the same each time because it doesn't. Similar but often not that close.