Chip-and-Pin Vulnerable To Subtle Trickery

Posted by Zonk on Tue Feb 06, 2007 02:08 PM
from the i-feel-quite-safe dept.
An anonymous reader writes "Cambridge University researchers, in an investigation for BBC Television's Watchdog programme, have demonstrated a man-in-the-middle attack for the chip-and-pin credit card security system used throughout the UK and Europe. In the attack, the card is inserted into a card-reader that has been tampered with, and the information transmitted in real-time to an accomplice who uses a specially modified card to make a higher-value purchase elsewhere. The modified card-reader shows only the expected amount, but the larger amount is deducted from the victim's bank account. It would not be easy to use this method in practice because the two transactions must be made simultaneously. The same team recently demonstrated a hacked chip-and-pin terminal playing Tetris."

Related Stories

Chip & PIN Terminal Playing Tetris (228 comments)
Fearful Bank Customer writes "When British banks introduced the Chip-and-Pin smartcard-based debit and credit card system three years ago, they assured the public it was impervious to fraud. However, the EMV protocol it's based on requires customers to type their bank account pin number into store terminals in order to make any purchase. Security researchers at the University of Cambridge Computer Laboratory derided the system as insecure at the time, as it gave access to customer's bank account pin numbers to every store they bought from. Despite these objections, the system was deployed, so researchers Steven Murdoch and Saar Drimer recently modified a straight-off-e-bay chip-and-pin terminal to play Tetris, with a video on YouTube, demonstrating that devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that this can be reproduced only "in the laboratory" but seem to have missed the point: if customers have to type their bank account pin into every device they see, then the bad guys can capture both critical card information *and* the pin number for the bank account, leaving customers even more vulnerable than they were under the old system."
Offsite: BBC Coverage
Chip-and-Pin Vulnerable To Subtle Trickery (25 comments)

  • attack easily detected (Score:4, Interesting)

    by Technician (215283) on Tuesday February 06 2007, @02:22PM (#17907878)
    Someone with a close eye on their account will notice the missing money and pull up recent transactions online. Armed with receipts and a printout of the impossible-to-make dual purchases with one card in two locations, the compromised machine can be shut down (de-authorised) and legal proceedings started. This attack has a name attached to the business using the terminal.

    The attack is proof of concept, but it leaves too much of a trail.
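The "one card in two places at once" trail the commenter describes is something a bank's fraud monitoring can look for mechanically. The following is an added example, not code from the story or from the commenter: it scans a card's authorisations and flags pairs at different locations whose timestamps are closer than a card could physically travel. The transaction records, field names and the 30-minute travel threshold are all constructed assumptions.

```python
"""Flag same-card transactions at different locations too close in time to be genuine.

Constructed example for a bank-side fraud check: the records, field names
and the MIN_TRAVEL threshold below are assumptions, not real data."""

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    txn_id: str
    card_id: str
    merchant: str
    city: str
    amount_gbp: float
    at: datetime


# Assumed minimum time a cardholder needs to move between two cities.
MIN_TRAVEL = timedelta(minutes=30)


def find_collisions(txns, min_gap=MIN_TRAVEL):
    """Return (earlier, later) pairs of transactions on the same card, in
    different cities, less than min_gap apart. Each card's list is sorted
    by time and scanned with a window, so the inner loop stops as soon as
    the gap reaches min_gap."""
    by_card = {}
    for t in txns:
        by_card.setdefault(t.card_id, []).append(t)
    hits = []
    for card_txns in by_card.values():
        card_txns.sort(key=lambda t: t.at)
        for i, a in enumerate(card_txns):
            for b in card_txns[i + 1:]:
                if b.at - a.at >= min_gap:
                    break            # sorted, so nothing later can be closer
                if a.city != b.city:
                    hits.append((a, b))
    return hits


def summarise(hits):
    """One line per hit naming both merchants, so each terminal involved can
    be pulled for inspection (the low-value one is where the tampered reader
    would be, but the report names both rather than guessing)."""
    return [
        f"{a.card_id}: {a.merchant} ({a.city}, £{a.amount_gbp:.2f} at {a.at:%H:%M:%S}) and "
        f"{b.merchant} ({b.city}, £{b.amount_gbp:.2f} at {b.at:%H:%M:%S}), "
        f"{int((b.at - a.at).total_seconds())}s apart"
        for a, b in hits
    ]


# Constructed sample: a £20 dinner in Cambridge and a £2000 purchase in London
# 40 seconds apart on the same card, plus unrelated genuine transactions.
SAMPLE = [
    Txn("t1", "card-A", "Bistro", "Cambridge", 20.00, datetime(2007, 2, 6, 19, 2, 0)),
    Txn("t2", "card-A", "Jeweller", "London", 2000.00, datetime(2007, 2, 6, 19, 2, 40)),
    Txn("t3", "card-A", "Newsagent", "Cambridge", 3.50, datetime(2007, 2, 6, 19, 40, 0)),
    Txn("t4", "card-B", "Cafe", "Leeds", 6.10, datetime(2007, 2, 6, 12, 0, 0)),
    Txn("t5", "card-B", "Petrol", "York", 45.00, datetime(2007, 2, 6, 15, 30, 0)),
]

if __name__ == "__main__":
    for line in summarise(find_collisions(SAMPLE)):
        print(line)
```

On the sample data only the Bistro/Jeweller pair is reported; the later Cambridge newsagent purchase is 38 minutes after the dinner and so falls outside the window, and card-B's two cities are hours apart. In practice the threshold would be derived from the distance between merchant locations rather than a single constant.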

    • Re: (Score:2)

      wouldn't it be possible to use it with an online retailer somehow though?

      It collects the information and simultaneously
      (A) Creates the online order with info from the card (or simply stores it for later use)
      and
      (B) Runs the designated order through another
      • Re: (Score:2)

        If the terminal the customer thought they were using was not making charges, and that store's owner was not in on the plot, there's a good chance the owner would figure it out in short order -- he wouldn't be getting any money from sales that used that car
  • 'Watchdog' tonight (Score:5, Insightful)

    by shrykk (747039) on Tuesday February 06 2007, @02:23PM (#17907902)
    This is due to be on 'Watchdog' (a popular consumers'-rights show) in about 45 minutes.

    As I understand it, the point of this research is that the banks have been claiming that chip-and-pin terminals are completely tamper-proof. In fact, while they may be tamper-proof from the banks' point of view (preventing fraudulent transactions by destroying encryption keys if the case is tampered with), they're not from the customers' point of view - a dodgy establishment or criminal employee could clone your card with a terminal that looks legit.

    So, ripping out the innards and putting a machine playing Tetris inside looks silly, but demonstrates that the devices aren't inherently trustworthy. And this is the next step: showing that a card can be cloned and the details used to make a fraudulent transaction using modified hardware.
    • Re: (Score:2, Insightful)

      The standard response from the Banks is:

      "Our technology is infallible. You *must* have compromised your card / PIN. You will get no refund nor compensation."
      What this does is point out that the first sentence is not correct and that the second does not
    • Re: (Score:2)

      a dodgy establishment or criminal employee could clone your card with a terminal that looks legit
      Where did you get that from (for smart cards)? If this was the case they wouldn't have to do this complicated man-in-the-middle simultaneous transaction attack
    • Here's what I don't get: It seems to me that, at least in most of the places I've been in Europe, European businesses are unwilling to turn away purchases from American tourists. Therefore, everyplace that uses the chip and PIN system can also accept Ameri
  • The method, proposed in the article is meaningless. If the timing
    check is really 1-bit, the fake card can respond by itself, without
    relaying any data. Is it on purpose ?

    Much safer way is to measure time while performing a handshake.
    Yes, there ARE some tech
    • Re: (Score:2)

      "The extra step the researchers added is that the terminal sends the card a single bit *challenge* -- a 0 or 1 -- and the card *responds* in kind. The terminal can record how much time elapsed between sending and receiving the response, which would be a fe
    • Re: (Score:3, Informative)

      Each exchange is one challenge bit and one response bit, so the timing is accurate, but this is repeated many times to give a high assurance that the real card is present (128 in the prototype). See the draft paper [cam.ac.uk] for the details.
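The two replies above describe the distance-bounding idea in the draft paper: many single-bit challenge/response rounds, each timed, so a card that is actually elsewhere (relayed) answers too slowly and a fake card answering locally can only guess. The following is an added simulation, not the researchers' code or protocol: the response bits are derived from a hypothetical HMAC-based construction, the round-trip budget and the relay latency are invented numbers, and timings are modelled rather than measured. It shows why the genuine card passes, why a relayed card fails on timing even though every bit is right, and why a guessing card fails on the bits.

```python
"""Simulation of a timed 1-bit challenge/response (distance-bounding) check.

Constructed example: terminal and genuine card share a key and derive the
same table of response bits; each of ROUNDS rounds the terminal sends one
random challenge bit and checks both the answering bit and the round-trip
time. All latencies are assumed values, not measurements."""

import hashlib
import hmac
import random

ROUNDS = 128              # rounds per check, as in the prototype described
RTT_BUDGET_US = 10.0      # assumed per-round round-trip limit (microseconds)
GENUINE_RTT_US = 2.0      # assumed latency of a card sitting in the slot
RELAY_RTT_US = 400.0      # assumed extra latency for a laptop-to-laptop relay


def response_table(key: bytes, nonce: bytes, rounds: int):
    """Derive two candidate response bits per round from a shared secret and
    a per-transaction nonce (hypothetical HMAC-SHA256 construction). Both the
    terminal and the genuine card compute the same table. Returns [(r0, r1)]."""
    bits = []
    counter = 0
    while len(bits) < 2 * rounds:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            for shift in range(7, -1, -1):
                bits.append((byte >> shift) & 1)
        counter += 1
    return [(bits[2 * i], bits[2 * i + 1]) for i in range(rounds)]


class GenuineCard:
    """The real card in the terminal's slot: knows the key, answers at once."""
    def __init__(self, key, nonce):
        self.table = response_table(key, nonce, ROUNDS)

    def respond(self, i, challenge):
        return self.table[i][challenge], GENUINE_RTT_US


class RelayedCard:
    """Fake card that forwards each challenge to the real card elsewhere:
    every bit is correct, but every round carries the relay's latency."""
    def __init__(self, real_card):
        self.real = real_card

    def respond(self, i, challenge):
        bit, rtt = self.real.respond(i, challenge)
        return bit, rtt + RELAY_RTT_US


class GuessingCard:
    """Fake card answering locally without the key: fast, but each bit is a coin toss."""
    def __init__(self, rng):
        self.rng = rng

    def respond(self, i, challenge):
        return self.rng.getrandbits(1), GENUINE_RTT_US


def distance_bound_check(card, key, nonce, rng):
    """Terminal side. Returns (accepted, wrong_bits, slow_rounds); the card is
    accepted only if every round is both correct and within the time budget."""
    table = response_table(key, nonce, ROUNDS)
    wrong = slow = 0
    for i in range(ROUNDS):
        challenge = rng.getrandbits(1)
        bit, rtt = card.respond(i, challenge)
        if bit != table[i][challenge]:
            wrong += 1
        if rtt > RTT_BUDGET_US:
            slow += 1
    return wrong == 0 and slow == 0, wrong, slow


def run_demo(seed=1):
    """Run the check against the three card types with seeded randomness."""
    key = b"constructed-shared-key"
    nonce = b"constructed-nonce"
    genuine = GenuineCard(key, nonce)
    return {
        "genuine": distance_bound_check(genuine, key, nonce, random.Random(seed)),
        "relayed": distance_bound_check(RelayedCard(genuine), key, nonce, random.Random(seed)),
        "guessing": distance_bound_check(GuessingCard(random.Random(seed + 1)), key, nonce,
                                         random.Random(seed)),
    }


if __name__ == "__main__":
    for name, (ok, wrong, slow) in run_demo().items():
        print(f"{name:9s} accepted={ok} wrong_bits={wrong} slow_rounds={slow}")
```

In this simplified model a card without the key gets each round right with probability 1/2, so passing all 128 rounds by luck has probability 2^-128, which is the "high assurance" the reply refers to; the relayed card fails every round on timing instead, because the relay cannot answer before the real card has been asked.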
  • For the truly security minded: a wallet, a handgun, and the bottom side of your mattress. No interest charges or minimum payments!

    • by sunwukong (412560) on Tuesday February 06 2007, @02:41PM (#17908192)
      "Lady, me and this gun here say that I'm going to pay cash for this and there's nothing you can do about it!"

      "I'm sorry, sir, but I can't hear what you're saying through the mattress you're wearing."

      Or did I misinterpret what you're suggesting?
  • It's a fairly complicated attack, easily traced, and could probably only be executed once or twice per location before PC Plod comes calling, due to the high visibility of the villains in pulling it off. Looks like way too little return for the effort and
  • nothing new here (Score:2, Interesting)

    So this along with the Tetris hack basically says if you are a retailer and have access to a terminal or other means of getting hold of a person's credit or debit card then you can potentially do lots of dodgy stuff. Who knew!!!
    • No, that's the whole point. If you have the card (stolen it) but not the PIN it is useless, regardless of what you do with a terminal. If you have a PIN (hacked terminal) but not the card, it's still useless. The simplest way to hack Chip'n'PIN for now is
  • When I saw that Officemax [slashdot.org] was stupidly storing ATM PINs, I gave up. Now, the only machine that sees my ATM card is my bank's. And even there, I look at the machine to see that it hasn't been tampered with. [interesting-people.org]

    For everyone else, I've reverted to checks and cash
  • Classic Quote... (Score:3, Funny)

    by ayjay29 (144994) on Tuesday February 06 2007, @03:32PM (#17909118)
    Anne Robinson my arse!

    Watchdog?

    I am watching a dog.

  • I don't get it (Score:3, Interesting)

    by giminy (94188) on Tuesday February 06 2007, @03:48PM (#17909400)
    This is neat, but it's not exciting. I've written a smartcard proxy service that could also be used for evil. It works by capturing the client certificate request from a TLS handshake, and sends the signed response to the server (some older web apps don't know how to use PKCS#11 libraries, which is what this is used for... it strips the client cert request out of the handshake so the client is none the wiser). I could rewrite my proxy to sign all kinds of data with the smartcard once the user gives the proxy his/her PIN... I could log on to banking sites and transfer money to me, buy stuff, essentially anything that the computer could do, and not inform the user.

    I think Bruce Schneier's paper [schneier.com] said it best. Sure the card is trustworthy, but when you're using any kind of smartcard, the card isn't the trust boundary. The card plus the computer (or pinpad in this case) that you're using it on is your trusted device conglomerate.

    I think the real demonstration of this attack is that pinpads have vulnerabilities. Even that isn't earth-shattering. So does everything else where physical access is granted.

    Which isn't to say that it isn't newsworthy (people should definitely be careful where they stick their card), but it does feed into idea #4 on the six dumbest ideas in computer security [ranum.com].
    • It was not the real hardware hacked to play tetris. It was different hardware in the same box.

      Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.

      • Re:The Tetris hack was a fake (Score:4, Informative)

        by maubp (303462) on Tuesday February 06 2007, @02:35PM (#17908098)

        It was not the real hardware hacked to play tetris. It was different hardware in the same box.

        Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.
        Have you read the article? There is a fake transaction at the victim's location which appears to be paying £20 for dinner. There is a real (but fraudulent) transaction at the jewelers at the same time for $2000 of diamonds.

        The victim's card goes in the "fake pin machine" which is linked via laptops to a "fake card" in a "real pin machine" at another shop (in this case, a jewelers).

        The laptop link makes it look like the victim's card is physically at the jewelers store, and takes care of all the validation. The victim is told the dinner price, and enters their PIN into the "fake PIN machine", which says "thank you" and prints a fake receipt. Meanwhile, the PIN number is then passed to the criminal at the jeweler to key into the real PIN machine and buy the diamonds.

        Tricky to pull off due to the timing - but a real treat all the same.
        • Re: (Score:3, Interesting)

          I wonder if you have misunderstood what is going on here.

          There is no connection between the bank and the card-reader that has been tampered with. As far as the bank is able to see, there has been a legitimate transaction for £2000. As far as the
          • Re: (Score:3, Insightful)

            Of course if you do £20 - £2000 then you get noticed real quick.

            Do it at a petrol station or somewhere where the price varies a lot, add £1 onto the transaction (screening out the 'obvious' figures to avoid people who put exactly £2
    • Re: (Score:2)

      Actually, the security of signatures is in some ways better than chip-and-pin, from your point of view.

      If someone steals your card and uses it, you simply repudiate the transactions. You can easily prove that they are not genuine, because the thief will
    • Re: (Score:2)

      Signatures are better theoretically but worse in practice as they require human verification whereas a machine does not care as long as a code is put in. Of course, humans are lazy and tend to accept the card regardless.
      I'd say both have specific advantage
      • Re: (Score:3, Insightful)

        AC wrote:

        ..if it came to it then at least an expert should be able to spot a forgery in the event of a dispute.
        That won't do you any good because clerks can't distinguish between a legitimate signature and a forged one. Therefore if the owner of a card wants