Chip & PIN terminal playing Tetris 228
Fearful Bank Customer writes "When British banks introduced the Chip-and-Pin smartcard-based debit and credit card system three years ago, they assured the public it was impervious to fraud. However, the EMV protocol it's based on requires customers to type their bank account pin number into store terminals in order to make any purchase. Security researchers at the University of Cambridge Computer Laboratory derided the system as insecure at the time, as it gave access to customer's bank account pin numbers to every store they bought from. Despite these objections, the system was deployed, so researchers Steven Murdoch and Saar Drimer recently modified a straight-off-e-bay chip-and-pin terminal to play Tetris, with a video on YouTube, demonstrating that devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that this can be reproduced only "in the laboratory" but seem to have missed the point: if customers have to type their bank account pin into every device they see, then the bad guys can capture both critical card information *and* the pin number for the bank account, leaving customers even more vulnerable than they were under the old system."
to misquote Franklin... (Score:5, Funny)
Re: (Score:3, Informative)
http://en.wikiquote.org/wiki/Benjamin_Franklin
Hold on a sec here... (Score:5, Insightful)
Re:Hold on a sec here... (Score:5, Insightful)
Re: (Score:2, Insightful)
The point being... (Score:5, Interesting)
My vision has always been a smart device with a crypto engine, that provides it's own display and entry. It would plug into POS equipment, and tell the POS equipment at first, only enough to identify itself and tell the POS which financial institution to contact.
The financial institution would receive from the merchant the account holders ID number and some info about the transaction (i.e. the amount, maybe an interval if a service, maybe a tolerance if a repeating service charge). The financial institute would look up the customer's public encryption key, and use it to encrypt all that data together with a challenge string, and send that back to merchant.
Merchant relays the encrypted package to the customer smart device. The device then (maybe using a passphrase to decode private key like a pin, but not linked to anything outside the device) uses the private key to decode the data, and display to user what the financial institution thinks the merchant is asking for with a confirmation. If user confirms details, the decrypted challenge is sent to POS and the merchant relays it to Financial institute.
Financial institute upon receipt of a correctly decoded challenge, authorizes the transaction, and gives the merchant an affirmative response with an authorization code that is *only* valid for that specific transaction.
Here, the financial institute *only* has the customer private key, so ripping off that database won't give anyone access to the account. The merchant knows they are getting the money, but isn't left with anything they *could* use to get more money than the customer authorizes directly. The only place that has the private key is the customers smart card, which should *never* allow it to be transferred out (probably should be generated by the card and only the public part uploaded when issued). If using a passphrase for storage of the private key, it even has resistance to physical theft.
For bonus points (actually, I would pretty much demand it), have it somehow able to plug into usb ports for online transactions. Of course, online, the customer and financial institute can talk directly, simplifying some of it, but the model need not be changed much for online stuff). Again, the PC would never get the private key, so you would have to use the device.
I would *pay* an upfront charge to help cover the cost of the device in exchange for such security. If it's half-assed and uses merchant display/entry, or shares the private key *ever* theoretically, I wouldn't.
Re: (Score:2)
My idea.... (Score:3, Insightful)
My thoughts are that after you swipe your card, the terminal should give YOU a PIN number that should match a PIN that the bank sends you with your card. At this point, once you verify that it is indeed legit, you provide your counterpart PIN.
And since it doesn't have to be entered, it could be a word, or with LCDs, even an image.
Hell, for that matter,
Re: (Score:2)
While your idea seems very well thought out, it still wouldn't gaurantee it couldn't be a dummy terminal that's designed to collect swipe data and pin codes.
The idea was that all input and display was on the device the customer always carried *with* them. They never touch a button or trust anything displayed by the merchant's equipment. The POS half would be a plug with basic data I/O lines and power. The device is expected not to be tampered with because the customer always has it. In order for it to be compromised as described it would have to be physically stolen and swapped. Even then, it would be unable to complete a transaction. I.e. you plug it in
But.... (Score:2)
Re: (Score:2)
NOT A CRACK: I think you're missing the point too (Score:2)
Any system can trick users by social engineering. But techincally this chip-and-pin system is still secure in the face of that. Their weak point is that because the overseas transactions are ro
Re: (Score:2)
While it is possible to build a 100% guaranteed nobody-will-ever-beat-this-and-I-don't-care-how-de termined-they-are system in theory, nobody in the whole of history has built one in practise.
Or at least, not without some undesirable side effects. For instance, I can make my car 100% guaranteed impossible for a potential thief, no matter how determined, to drive away, but it's a mite inconvenient for me because I'd have to have it crushed.
What instead you have to
Re:NOT A CRACK: I think you're missing the point t (Score:2)
Go to your local ATM and draw out $$$. Most ATMs still use the mag. strip and haven't been upgraded to chip/pin yet.
btw. up until *very* recently (last month or so) you could walk into tescos and buy groceries with a clone magnetic strip without even access to the pin - their software wasn't geared up to read it so it just assumed the card was legit... and since this was the 'self checkout' nobody even looked at it.
Re: (Score:2)
But you haven't completed the social engineering scenario. Here's the problem -- after they put their card in & type in their pin to the fake machine, the money won't be paid to the store. Because the system is really just a mock-up designed to /look/ like a chip-and-pin system, it won't actually talk to the bank to get the store its money.
So to collect anybody's pin, the store basically needs to eat the money they would have gotten for the transaction. Not a cheap thing to do.
I suppose they coul
Re:Hold on a sec here... (Score:4, Insightful)
Re: (Score:2)
Question: what role does the 'chip' have? Does it have any way of securely authenticating the transaction with the merchant, and thus in some way verifying that the merchant trusts the terminal? The article summary suggests that the same old information is on the mag strip.
Re: (Score:2)
There are some fraud problems. Mostly, people hook up card cloners to ATMs and have a small camera set up to record pin numbers. Then again, they also do that in the US, as well.
If entering your PIN at the store is a significant vulnerability, it's one that has existed here for 10 years without significant
Re: (Score:2)
(*yeah, ok, very difficult!)
I wrote Tesco's system you should all listen to me (Score:5, Informative)
Whether you should listen to me or not is another matter.
The chip controls the transaction. That's how it goes. The chip decides if it can trust the terminal or the bank based on cryptographic signing operations. The terminal is verified by a process in which it concatenates various pieces of data, performs a crypto op on them and presents the result to the card. The card compares this to its own result (depending on the card it either has one precalculated and uses the same one each time (low security) or does the same calculation itself on a set of data including some session data (better security)).
PIN is encrypted as soon as it is entered and should never leave the device it's entered on in plaintext form, it is presented to the card as a cryptogram for validation.
When a transactioon is presented to the bank for authorisation it is presented with yet another cryptogram so that the bank can validate the card. The response also comes in the form of a cryptogram so that the card can validate the bank.
However, I'll agree, all this is pretty useless if someone can get inside the terminal and intercept the PIN at hardware level. Other than that and the looking-over-shoulder social security hole problem, EMV's pretty bullet proof. Your PIN doesn't ever even get to the PC that's running the transaction.
If you want to know more then the actual standards are available at EMVco [emvco.com], but they're the nearest thing to legalese I've ever encountered as a software Dev. I'm out of the payments game now, but my knowledge should still be pretty relevant, I hope.
Doesn't this assume hardware integrity? (Score:2)
Thanks for that explanation. However, doesn't this presuppose that you are slotting your card into a bona fide machine? Couldn't someone do what the team in TFA have done and replace the innards of a chip and pin machine with new electronics? Then this machine could fake the entire process of entering your pin, the whole "Checking card, not not remove", "Please remove card" thing, spit out a receipt from the cash register and away you go, innocently believing that you have just completed a purchase when in
Re: (Score:2)
Same syndrome with websites being vulnerable to phishing.
Authentication has to be TWO-WAY.
The punter has to authenticate themselves to the bank - AND the bank has to authenticate themselves to the punter.
The punter is an incredibly intelligent being and yet they're being deliberately treated as a 4 digit number (not even a dumb terminal). Such a colossal waste of CPU p
The card does authenticate the bank (Score:2)
I know a 4 digit number isn't the height of security, but what would you suggest that cardholders do to identify themselves?
Remember that old people and idiots have to use the system.
Also it is futureproofed to allow for Fingerprint/Iris recognition or other methods in coming years.
Doesn't everything? Not as bad as it sounds (Score:2)
Chip and PIN is designed to card cloning and to some degree theft. Now card cloning was rife with magnetic strip cards because they were extremely easy to clone. A shop assistant or a waiter could easily pass your card through an extra reader and take the details, pass them on to someone else and then the card could be used all over town. This is eliminated as card
Re: (Score:2)
Not true, at least around here... I have a debit card with a broken chip (long story) & can use it to withdraw cash at ATMs - just not pay for groceries (although I can use it at NPC car parks as they're not chip/pin enabled yet).
Yeah, that legacy security hole again (Score:2)
They likely haven't got around to replacing a large part of the ATM estate, banks are good like that. Everyone has to jump to theiur tune but they don't always follow it themselves.
Re:I wrote Tesco's system you should all listen to (Score:3, Insightful)
Yes (Score:2)
Re:I wrote Tesco's system you should all listen to (Score:2)
Legacy (Score:2)
I don't know which country you're in but the legacy magnetic stripe behaviour differs by country. In the UK we never had a system of Stripe + PIN, it was Stripe + Signature, whereas I noticed in the US that PIN was prevalent.
Re: (Score:2)
The self checkout devices for a long time didn't check the pin at all.. you just swiped the cards with the magnetic stripe (which could easily be cloned.. nobody checked) and walked out. This was long after the rollout of chip/pin as well.. it was still doing it in early december then they added an extra stage - now you swipe your card and have to put your card in a device (and enter pin).. so they've gone for the overkill.
Re: (Score:2)
This hole is bad, but not that bad.
Re: (Score:2)
Basically even a dodgy merchant can't clone your card.
Umm, yes there is! (Score:2)
Yes there is! You present the card with an encrypted PIN block in ISO (8583? it's been a while) format. The Shiv would get you that but nothing else of any use.
ATMs *should* be getting upgraded to chip and pin by the banks. Whether they are or not is anyone's guess.
And yes, a lot of terminals do have RS232, if the keys leak then that's a security vulnerability.
I said in a another post - this is more about shifting liability from the ban
Hold on, memory not what it was.... (Score:2)
Re: (Score:2)
Re: (Score:2)
They got it to play tetris by replacing the majority of the electronics inside it.
That really can't be mentioned enough. Link to The Register's article [theregister.co.uk]
It'd be like skinning a copy of Windows 95 to look like Xwindows, and then saying "Look at all the vulnerabilities I found in linux!"
Except that a better analogy is those card skimmer devices that get stuck on ATMs that can record the card stripes and button presses. While the blame is misplaced ("oh noes! teh phish n chipz n pinz r haxx0r3d!"), it's still important as a reminder that sometimes you don't need to hack the security, if simply wearing a sheep's skin is good enough to get your wolf into the flock.
Re: (Score:2)
Re: (Score:2)
Keypad in front of the customer, little LCD display etc. and a simple control circuit instead of being connected directly to the till goes to another device that mirrors the keypresses on a real device.
It used to be secure when you had to put your card in the chip/pin device - but most retailers decided they wanted their control and you don't do that.. now that keypad could be *anything*. There's not even a standard 'look' - they all look different.. the only thi
Re: (Score:2)
Re: (Score:2)
However, this doesn't stop you hacking the keypad matrix to extract the keypresses. The only way to get around this would be to have your card perform *all
Re: (Score:2)
You're then asked to put in your pin into the keypad whilst the cashier watches intently.
There is *zero* real security in that system. You're still giving the card away where it could be cloned etc. on top of that instead of a difficult to copy signature you have an easily memorisable 4 digit pin.. and you have to enter
Card and PIN security (Score:5, Informative)
The potential security problem here is caused by the use of the same PIN for two purposes. You know how you should never use the same password for multiple security-critical systems? Well, that's exactly what some of the UK banks did.
See, EMV security is designed around the assumption that only the card and cardholder know the card PIN. The bank doesn't know it. The merchant terminals see it, but it has no value without the card. In particular, it should be of no use with the bank machine/ATM network.
How then, do you use a bank machine? Well, ideally, you insert your card, enter your PIN to unlock the card, and then the card performs a cryptographic authentication with the bank over the ATM network to identify and authenticate you so you can proceed to perform your transaction. But that requires the ATMs and network to be updated to support the chip card and to use the new authentication protocol.
The other method, of course, is just to use an account number and a PIN, just as you always have, but that PIN *must* be known by the bank's systems, which leads to the banks' dilemma when deploying the system. Their options were:
So, the banks mostly took option 3. I think some of them allow customers to request that their card and ATM PINs be "decoupled".
In theory, this means a malicious merchant can modify their PIN pad to capture the PINs and account numbers, and can then use the information to drain the accounts through the ATM network. In practice, this form of fraud hasn't happened, and it would be fairly easy to track unless the fraudster didn't steal very much -- a pattern of fraud on accounts whose cards have all been used at a particular merchant would be pretty easy to detect.
It could happen, of course, and probably will someday. If it becomes sufficiently serious, then maybe banks will have to abandon PIN synchronization. Hopefully, by then the rest of the world will have caught up and the ATM PIN can be discarded entirely.
Re:Card and PIN security (Score:4, Informative)
EMV cards have two data items for the PIN usually called online PIN and offline PIN but pretty much all banks have the same value for each.
The key worry about this 'attack' is that the electronics could be changed easily:
This fraud has already been perpetrated at a Shell garage in the UK [bbc.co.uk] when a bloke in overalls came into the Shell store to say he was the engineer to check the Chip n PIN device. The Trintech unit had a fault so that it would not self destruct when opened and a simple memory chip was added to the device. The bloke in overalls went back a few weeks later to 'check everything was OK' and took back the memory chip and had the card details and PINs - resultant fraud loss was GBP 1m; although not sure how much was recovered.
I'm very wary of Tesco stores (UK) that swipe the mag stripe before inserting the card into a chip reader then ask the customer for the PIN - they effectively have the strip and the PIN which is enough to make a new card. The problem is that the chip cards have the legacy mag stripe to work in foreign ATMs and non-chip compliant stores.
The way things are going with APACS CAP - punters will be inserting their PIN into any old keypad, so it'll be getting worse before it gets better.
rd
Re: (Score:2)
But, yes, you're absolutely right. Tons of punters are being trained to pay absolutely no regard to the nature of the device into which their card is placed, nor whether the device and/or card is removed from sight.
Even once the mag strip is discontinued there's still a
Re: (Score:2)
2) The chip is a thin surface layer
3) A punch & die need only depress the area of the card to raise the chip circuit to be scraped off.
4) A suitable fake circuit can then be pressed back on the card, and the distortion undone.
5) Punter walks off none the wiser.
Re: (Score:2)
Yes it does. It happened to my brother and to his wife. The experiences
Re: (Score:2)
Interesting. I hadn't heard of any actual cases, but I haven't been doing EMV stuff for the last couple of years, so it's not surprising that I've missed it.
Even with a little of this going on, the net effect is still to tremendously reduce overall credit card fraud. The bad part is that because this fraud is rare, the suspicion tends to fall more heavily on the card holder, especially card holders that don't have a solid reputation.
Re: (Score:2)
This way, the payer is reasonable certain that the PIN device has not been modified.
Re: (Score:2)
Yes, there are various implementations of cards with built-in PIN pads, and even other authentication technologies like fingerprint scanners, but none of them have been deployed because of the costs and questions about reliability.
What may be the "next big thing" is called Near Field Communications and involves embedding a contactless smart card chip in a cellphone. With that architecture, the phone's keypad can be used as the PIN pad.
Re: (Score:2)
Re: (Score:2)
NFC adds a contactless (ISO 14443) chip in addition to the phone SIM, and and RFID reader as well. Both the contactless chip and RFID reader use frequencies and protocols the phone doesn't already support.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
This system involved the use of a key security feature we will call a "Human Teller". The Teller would smile and say "Good Morning Mr. Thomas", verifying Mr. Thomas' identity both visually an
Re: (Score:2)
It's significantly more secure than magstripe and PIN debit card systems. Yes there is the same opportunity for PIN interception.
The team's next hack... (Score:5, Funny)
Frequency of I tetrominoes (Score:3, Interesting)
...will be a modification to Tetris to make that damn straight-line block appear more often.
Tetris brand games since Tetris Worlds [tetrisconcept.com], including Tetris DS, already have this modification: the I tetromino is guaranteed to appear once in every group of 7 tetrominoes [tetrisconcept.com]. Thus, if you have one group with the I at the start and one with the I at the end, the longest drought you can get is 12. The more even distribution makes it possible to keep your stack low arbitrarily long [tetrisconcept.com].
Payment Card Industry Standards (Score:2)
Re: (Score:2)
Fraudsters may observe standards, but they gleefully ignore them if it suits their purposes.
How is any member of a merchant's staff trained to inspect their black box and determine whether it complies with standards?
And remind me where I can read a bank's guidelines to its customers as to how they should refuse to use a card reader if it looks like it may have been opened recently? Moreover, is there a photo gallery of all the known leg
Re: (Score:2)
Tetris on machine no evidence of tampering? (Score:2, Funny)
I think putting Tetris on the machine makes it pretty obvious that it has been tampered with.
Living in Britain... (Score:2)
While retailers could hack their terminal to swipe PINs, they would
Re: (Score:2, Informative)
Try shopping in sainsburys, they swipe the card in their own machine then get you to enter the pin number in the chip and pin thingy.
Re: (Score:2)
Sainsburys have the same policy, but haven't crippled their pin-pads, so if you just ignore the cashier trying to grab your card, and put into the pin-pad instead, it works fine.
Re: (Score:2)
Re: (Score:2)
There's pretty much no security when that's happening, because all communication must be going from the till to the chip/pin device, and we only have the banks word for it that there's any security there, that it's not vulnerable to replay attacks, etc.
The system was designed and promoted to have single unit that both read the card and the pin. That wasn't what was deployed.
Re: (Score:2)
Re: (Score:2, Funny)
hehe British food (Score:2)
Though that did get me thinking about what would that even be serving if such a thing existed.
As Naomi Campbell said [plainenglish.co.uk] "I love England, especially the food. There's nothing I like more than a lovely bowl of pasta."
Mod parent up (Score:2)
Basically all this shows is that you can rip the guts out of a Magic 6000 without making significant changes to the top surface of the machine.
The real problem (Score:3, Interesting)
The real problem I see here is that new technology is presented as "unbreakable" then allows the business interests to ignore victims of fraud. In the U.S. we've already seen this happen with the special chipped keys for new vehicles. The auto makers insisted the technology was unbreakable, and the insurance companies responded in kind by denying theft claims from those victims unfortunate enough to have purchased a vehicle with one of these chipped keys.
I'm sure the banks are ready to further punish any victims of this broken "unbreakable" bank card system. I'm not British, so I don't know how applicable this is in the UK, but I imagine it is still a problem.
liability shifty (Score:5, Insightful)
Re: (Score:2, Informative)
With the original swipe system, the liability was with the bank; If you got frauded, then the bank had to re-emburse you. With the introduction of chip and pin, this remained the same; If you're chip and pin is frauded then the bank is still liable. FYI, if your swipe is frauded, it is now the place the fraud happened (e.g. the shop) that is liable, something that was introduced to basically force most companies to change over.
I can verify that the bank take liability, as
Re: (Score:3, Interesting)
In my experience the fraud protection has been really good. If your PIN or card details are stolen, any money lost is reimbursed by the bank. Moreover, when they detect that a retailer is stealing card numbers somehow (which they detect using a program to analyze log files and look for inconsistencies, etc.), they immediately cancel the cards of anyone who u
Re: (Score:2)
And you just hope you aren't on vacation on the other side of th
Weird (Score:2)
I type my PIN almost every time I use my card, and I use my card a lot. Cheques are an almost exctinct species here. It's money or card, mostly. The
Re: (Score:2)
For internet and telephone banking there is a 6-10 digit number (at least with HSBC) chosen by the account holder for verification.
Once you have someone's DOB, bank security number you can basically do anything with the account (eg wire the money anywhere else in the world). They usually ask for three digits
Missing the point... (Score:3, Funny)
That's nothing. Tetris in Delft in 1995. (Score:2)
I was there and it was absolutely hilarious
Great stuff for those interested in Tetris
No Cards Here (Score:2)
PIN Number? (Score:2, Funny)
Are British banks that clueless? (Score:2)
Re: (Score:2, Informative)
Yes, you can get the PIN that method, but unless you can actaully handshake with the EMV chip you have absolutly zero chance of getting the bank details. In the UK certainly the chip readers do now actually have the option to confiscate the card so a fake mini-EPOS terminal is not going to work.
Your idea about using a real EMV EPOS terminal is a non starter as most of them are not allowed to do offline transactions - so you'd need an account and access codes to be able to us
Re: (Score:2)
Funny, I use the bluetooth one at my local bar, the one at my local manager owned pretrol station, various restaurants and independent trader shops.
That seems a low barrier of entry to dishonest merchants and criminal gangs.
They replaced all the innards! (Score:2, Redundant)
Umm , how exactly does that prove the actual terminal is vulnerable? Other than if you get hold of one and have some tools at hand and lots of time then yes you can open the lid and get to the electronics inside. But I think we all knew that already.
This is a non-event.
PIN Number? (Score:2)
Why not PINN number, or PINNN Number?
I'm sure they enter their "PIN Number" into the "ATM Machine".
Debit Cards (Score:5, Informative)
So - the only time I have to enter my pin number is at the ATM. For all other purchases I use it like a credit card (and save the ATM surcharge as well).
It's an additional level of security (Score:2)
My sister (in the US) had her purse stolen recently and the thieves racked up a few thousand dollars of purchases in under an hour (she reported the loss just 40 minutes after she left her bag behind). With
Forget about the PIN (Score:2, Informative)
In Portugal we had an attempt on a similar technology back in the middle 90's, called PMB ("Porta Moedas Multibanco", which translates roughly into "ATM Wallet").
It was basically a smart-card you could load with a certain amount on any ATM and make payments anywhere a terminal existed (many vending machines, for instance, accepted PMB) without inserting any code whatsoever. So it basically replaced your wallet, if someone stole it the money still loaded in the card would be lost.
This wasn't much of a pr
Replacing Electronics (Score:2)
the device is "unsafe", then can never be a "safe" device.
Its like taking a Volvo, swapping the accelerator with the brake, and then declaring
that Volvo's are inherently unsafe.
I still haven't seen evidence of the tamperer's acquiring possesion of credit
card info -- which is really the issue at hand.
heavily flawed (Score:2)
1: they cannot authorise the transaction using this method so the customer wouldn't be able to pay for what they intended to buy. The second a chip and pin card reader is opened and modification is attempted, it bricks itself. This would mean it's impossible to modify the internals and still enable the reader to contact a bank. Shops would notice pretty fast if lots of people were stealing goods and getting someone to swipe the card in two differ
Chip and Pin drove me nuts this Summer... (Score:2)
I visited UK this past Summer and had two different incidences where the (admittedly) very young waitresses didn't know how to handle my old fashioned American credit card. They kept sticking it into the chip and pin terminal and telling me it wouldn't work.
Amazing it's only three years old and already so integrated into society there.
Can someone with a chip and pin card from UK use it like a regular credit card in the US (where there are no chip and pin terminals)? Seems a bit ridiculous to me to be
Re: (Score:3, Funny)
Re: (Score:2)
snort..
giggle..
ha ha
a ha ha ha he he...
Thud
Re: (Score:3, Informative)
I used to work at a private financial institution that was a member of the Interac network. The security on modern ATMs in Canada is very good. Interac certification requirements are equal to or better than VISA/Plus requirements, which require:
Re: (Score:2)
EMV will only improve matters. To my knowledge, Interac is mandating all transactions must occur online with the new EMV cards, and no fallback will be allowed to magstripe if you have an EMV card at an EMV terminal. That means fraudsters can only rely upon EMV mags @ magstripe only terminals, which will have a very aggressive sunset date.
Re: (Score:2)
I do know that huge amounts of time and dollars are spent by the FIs being Interac compliant. However, if the terminal gets replaced, the fraudster will have already injected their own keys into the ter
Only in Canada, Eh? Pity. (Score:2)