
Chip & PIN terminal playing Tetris

Posted by Hemos
from the the-joy-of-subversion dept.
Fearful Bank Customer writes "When British banks introduced the Chip-and-PIN smartcard-based debit and credit card system three years ago, they assured the public it was impervious to fraud. However, the EMV protocol it's based on requires customers to type their bank account PIN into store terminals in order to make any purchase. Security researchers at the University of Cambridge Computer Laboratory derided the system as insecure at the time, as it gave access to customers' bank account PINs to every store they bought from. Despite these objections, the system was deployed, so researchers Steven Murdoch and Saar Drimer recently modified a straight-off-eBay chip-and-PIN terminal to play Tetris, with a video on YouTube, demonstrating that the devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that this can be reproduced only "in the laboratory" but seem to have missed the point: if customers have to type their bank account PIN into every device they see, then the bad guys can capture both critical card information *and* the PIN for the bank account, leaving customers even more vulnerable than they were under the old system."

  • by swillden (191260) * <shawn-ds@willden.org> on Monday January 08, 2007 @12:14PM (#17509184) Homepage Journal

    The potential security problem here is caused by the use of the same PIN for two purposes. You know how you should never use the same password for multiple security-critical systems? Well, that's exactly what some of the UK banks did.

    See, EMV security is designed around the assumption that only the card and cardholder know the card PIN. The bank doesn't know it. The merchant terminals see it, but it has no value without the card. In particular, it should be of no use with the bank machine/ATM network.

    How then, do you use a bank machine? Well, ideally, you insert your card, enter your PIN to unlock the card, and then the card performs a cryptographic authentication with the bank over the ATM network to identify and authenticate you so you can proceed to perform your transaction. But that requires the ATMs and network to be updated to support the chip card and to use the new authentication protocol.

    The other method, of course, is just to use an account number and a PIN, just as you always have, but that PIN *must* be known by the bank's systems, which leads to the banks' dilemma when deploying the system. Their options were:

    1. Make customers remember two PINs for the same account, a card PIN and a "bank machine PIN". This is good for security, but bad for customer acceptance.
    2. Upgrade the ATMs and network to do the card-based cryptographic authentication. Good for security, but, in the short term, very bad for customer acceptance, because it means that the cards can't be used with non-UK ATMs that don't implement the new technology.
    3. Use a "shared" PIN, ensuring that every time a cardholder changes either the card PIN or the bank PIN, the other gets updated to match. This is called "PIN synchronization" and is actually not all that cheap to do either, but it's the only option that means customers only have to remember one PIN and can use their card in ATMs around the world. It's bad for security, though.

    So, the banks mostly took option 3. I think some of them allow customers to request that their card and ATM PINs be "decoupled".

    In theory, this means a malicious merchant can modify their PIN pad to capture the PINs and account numbers, and can then use the information to drain the accounts through the ATM network. In practice, this form of fraud hasn't happened, and it would be fairly easy to track unless the fraudster didn't steal very much -- a pattern of fraud on accounts whose cards have all been used at a particular merchant would be pretty easy to detect.

    It could happen, of course, and probably will someday. If it becomes sufficiently serious, then maybe banks will have to abandon PIN synchronization. Hopefully, by then the rest of the world will have caught up and the ATM PIN can be discarded entirely.
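
    The merchant-correlation check swillden describes in the post above (a cluster of fraud on accounts whose cards were all used at one merchant) is a common-point-of-purchase analysis. The following is an added example, not code from the post or from any bank's fraud system; the card identifiers, merchant names and fraud reports are constructed. It separates a genuinely compromised terminal from a merely busy merchant by looking at the share of a merchant's cards that later reported fraud, not just the count.

```python
"""Common-point-of-purchase analysis over constructed card transactions.

Added example, not code from the page or from any bank's fraud system. Input is
a list of (card, merchant) pairs plus the set of cards whose holders reported
fraud; every card and merchant name below is made up.
"""
from collections import defaultdict

# Constructed sample: which cards were used at which merchants.
TRANSACTIONS = [
    ("c1", "Shell_garage"), ("c1", "Tesco"),
    ("c2", "Shell_garage"), ("c2", "Sainsburys"),
    ("c3", "Shell_garage"), ("c3", "Tesco"),
    ("c4", "Shell_garage"), ("c4", "Boots"),
    ("c5", "Tesco"), ("c5", "Sainsburys"),
    ("c6", "Tesco"),
    ("c7", "Boots"), ("c7", "Sainsburys"),
    ("c8", "Tesco"), ("c8", "Boots"),
]
# Constructed: cards whose holders later reported fraudulent ATM withdrawals.
FRAUD_CARDS = {"c1", "c2", "c3", "c4"}


def merchant_stats(transactions, fraud_cards):
    """Per merchant: (fraud cards seen, distinct cards seen, fraud share, coverage).

    fraud share = fraud cards at merchant / all distinct cards at merchant
    coverage    = fraud cards at merchant / all fraud-reported cards
    A popular merchant picks up fraud cards by chance, so fraud share is what
    separates a compromised terminal from a busy one.
    """
    cards_at = defaultdict(set)
    for card, merchant in transactions:
        cards_at[merchant].add(card)
    stats = {}
    for merchant, cards in cards_at.items():
        n_fraud = len(cards & fraud_cards)
        coverage = n_fraud / len(fraud_cards) if fraud_cards else 0.0
        stats[merchant] = (n_fraud, len(cards), n_fraud / len(cards), coverage)
    return stats


def suspect_merchants(transactions, fraud_cards, min_fraud=3, min_share=0.5):
    """Merchants with >= min_fraud compromised cards and fraud share >= min_share,
    strongest candidate first. The thresholds are tuning knobs, not standards."""
    stats = merchant_stats(transactions, fraud_cards)
    hits = [(m, s) for m, s in stats.items() if s[0] >= min_fraud and s[2] >= min_share]
    hits.sort(key=lambda ms: (ms[1][2], ms[1][0]), reverse=True)
    return [m for m, _ in hits]


if __name__ == "__main__":
    for m, (nf, nt, share, cov) in sorted(merchant_stats(TRANSACTIONS, FRAUD_CARDS).items()):
        print(f"{m:13s} fraud={nf} total={nt} share={share:.2f} coverage={cov:.2f}")
    print("suspects:", suspect_merchants(TRANSACTIONS, FRAUD_CARDS))
```

    On the constructed data, Shell_garage is seen by all four fraud cards and by no clean ones, while Tesco is seen by two fraud cards but also by three clean ones, so only Shell_garage is flagged. The caveat swillden raises applies here too: a fraudster who cashes out only a few of the captured cards keeps the coverage figure low and the cluster harder to see.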

  • by oliverthered (187439) <olivertheredNO@SPAMhotmail.com> on Monday January 08, 2007 @12:26PM (#17509366) Journal
    the card never leaves the direct control of the card holder

    Try shopping in Sainsbury's, they swipe the card in their own machine then get you to enter the PIN in the chip and pin thingy.
  • by rapiddescent (572442) on Monday January 08, 2007 @12:32PM (#17509450)
    actually, with regard to point 3 above:

    EMV cards have two data items for the PIN usually called online PIN and offline PIN but pretty much all banks have the same value for each.

    The key worry about this 'attack' is that the electronics could be changed easily:

    • get the mag stripe by asking the customer to swipe
    • get the PIN value
    • complete the transaction using the EMV chip
    • store the mag stripe and PIN value
    • reuse the card in an ATM/store that does not require the chip

    This fraud has already been perpetrated at a Shell garage in the UK [bbc.co.uk] when a bloke in overalls came into the Shell store to say he was the engineer to check the Chip n PIN device. The Trintech unit had a fault so that it would not self-destruct when opened, and a simple memory chip was added to the device. The bloke in overalls went back a few weeks later to 'check everything was OK' and took back the memory chip and had the card details and PINs - resultant fraud loss was GBP 1m; although not sure how much was recovered.

    I'm very wary of Tesco stores (UK) that swipe the mag stripe before inserting the card into a chip reader then ask the customer for the PIN - they effectively have the strip and the PIN which is enough to make a new card. The problem is that the chip cards have the legacy mag stripe to work in foreign ATMs and non-chip compliant stores.

    The way things are going with APACS CAP - punters will be inserting their PIN into any old keypad, so it'll be getting worse before it gets better.

    rd

  • Debit Cards (Score:5, Informative)

    by Lodragandraoidh (639696) on Monday January 08, 2007 @12:46PM (#17509634) Journal
    In the US we have debit cards that operate as both an ATM card, and equivalent to a credit card - only drawing the cash from the bank account instead of a line of credit.

    So - the only time I have to enter my PIN is at the ATM. For all other purchases I use it like a credit card (and save the ATM surcharge as well).

  • Re:liability shifty (Score:2, Informative)

    by iamdjsamba (1024979) on Monday January 08, 2007 @12:55PM (#17509768) Homepage
    Actually, I think quite wrong.

    With the original swipe system, the liability was with the bank; if you got frauded, then the bank had to reimburse you. With the introduction of chip and pin, this remained the same; if your chip and pin is frauded then the bank is still liable. FYI, if your swipe is frauded, it is now the place the fraud happened (e.g. the shop) that is liable, something that was introduced to basically force most companies to change over.

    I can verify that the bank take liability, as my girlfriend recently had her card details stolen from an ATM (still not sure of the method, but there were about 100 students I'd guess who got done too, so I'd guess some sort of magnetic swipe + camera job). She had about £200 taken, and the bank refunded all of it to her.

    As for the actual security of chip and pin, as many people here have reiterated, everything is liable to be cheated some way or another, it's a sad fact of the technological world. However, all you need to do is look at the figures (thanks to chip and PIN, in 2005, there was a reduction of nearly £60m in counterfeit and fraud on lost and stolen cards (a drop of 24%) compared to 2004. [http://www.chipandpin.co.uk/overseas/success.html]) to see that there is a clear reduction in fraud. The long term reduction in France has been even more significant (estimated to be 80% [http://www.whatprice.co.uk/financial/chip-and-pin-credit-card.html]). So the technology may be liable to fraud, but significantly less so than swipe.

    Stuff like this is scaremongering and will stop people using cards when they're safe. Just like happened with internet shopping, which is actually safer than real life shopping (1/3 of adults frauded in real world, just 15% online according to research from PayPal [www.easier.com/view/News/Finance/article-80950.html]).

    And the real question is, can it play doom? [itplaysdoom.com]

  • by Nursie (632944) on Monday January 08, 2007 @12:57PM (#17509810)
    Sorry for the pompous post heading, but the first part is true, I wrote a large part of Tesco's system including about half of the EMV processing component. It's a customised version of what was the world's first integrated EMV system (i.e. card reader + PC + store level auth servers + central connection to VISAnet, LINK etc).

    Whether you should listen to me or not is another matter.

    The chip controls the transaction. That's how it goes. The chip decides if it can trust the terminal or the bank based on cryptographic signing operations. The terminal is verified by a process in which it concatenates various pieces of data, performs a crypto op on them and presents the result to the card. The card compares this to its own result (depending on the card it either has one precalculated and uses the same one each time (low security) or does the same calculation itself on a set of data including some session data (better security)).
    PIN is encrypted as soon as it is entered and should never leave the device it's entered on in plaintext form, it is presented to the card as a cryptogram for validation.
    When a transaction is presented to the bank for authorisation it is presented with yet another cryptogram so that the bank can validate the card. The response also comes in the form of a cryptogram so that the card can validate the bank.

    However, I'll agree, all this is pretty useless if someone can get inside the terminal and intercept the PIN at hardware level. Other than that and the looking-over-shoulder social security hole problem, EMV's pretty bullet proof. Your PIN doesn't ever even get to the PC that's running the transaction.

    If you want to know more then the actual standards are available at EMVco [emvco.com], but they're the nearest thing to legalese I've ever encountered as a software Dev. I'm out of the payments game now, but my knowledge should still be pretty relevant, I hope.
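
    The cryptogram exchange Nursie outlines above (the card authenticating itself to the bank with a request cryptogram, the bank authenticating its answer with a response cryptogram) can be seen in a toy model. The following is an added example, not the poster's code, Tesco's system or any real EMV implementation: real EMV computes 3DES or AES MACs over TLV-encoded transaction data as laid out in the EMVCo Book 2 specification, whereas this uses HMAC-SHA256 as the keyed function so that it runs on the Python standard library alone, and the issuer master key, PAN and field layout are constructed. It shows why the issuer rejects an amount altered after the card has signed it, why a replayed cryptogram is declined, and why the card refuses an approval that a fake host cannot MAC.

```python
"""Toy EMV-style online authorisation: card issues an ARQC, issuer answers with an ARPC.

Added illustration; not from the page or any real EMV implementation. Real EMV
computes 3DES/AES MACs over TLV-encoded data (EMV Book 2); HMAC-SHA256 stands in
here so it runs on the standard library. Keys and PAN are constructed values.
"""
import hashlib
import hmac
import os


def kmac(key: bytes, data: bytes, n: int = 8) -> bytes:
    """Keyed MAC truncated to n bytes (stand-in for the 3DES MAC EMV would use)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:n]


def derive_icc_master_key(issuer_master_key: bytes, pan: str) -> bytes:
    # Per-card key derived from the issuer master key and the PAN: the issuer
    # stores one master key, not one key per card.
    return kmac(issuer_master_key, pan.encode(), 16)


def derive_session_key(icc_master_key: bytes, atc: int) -> bytes:
    # Bound to the Application Transaction Counter, which the card bumps per transaction.
    return kmac(icc_master_key, atc.to_bytes(2, "big"), 16)


def transaction_data(amount: int, unpredictable_number: bytes, atc: int) -> bytes:
    # Fields the cryptogram covers (a subset of the real CDOL data).
    return amount.to_bytes(6, "big") + unpredictable_number + atc.to_bytes(2, "big")


def compute_arpc(session_key: bytes, arqc: bytes, response_code: bytes) -> bytes:
    # Same shape as EMV ARPC method 1: MAC over ARQC XOR (response code, zero padded).
    padded = response_code + b"\x00" * (len(arqc) - len(response_code))
    return kmac(session_key, bytes(a ^ b for a, b in zip(arqc, padded)), 4)


class Card:
    def __init__(self, pan: str, icc_master_key: bytes):
        self.pan, self._mk, self.atc, self._sk = pan, icc_master_key, 0, b""

    def generate_arqc(self, amount: int, unpredictable_number: bytes):
        self.atc += 1
        self._sk = derive_session_key(self._mk, self.atc)
        return self.atc, kmac(self._sk, transaction_data(amount, unpredictable_number, self.atc))

    def verify_arpc(self, arqc: bytes, arpc: bytes, response_code: bytes) -> bool:
        # The card only trusts an approval it can recompute under its own session key.
        return hmac.compare_digest(compute_arpc(self._sk, arqc, response_code), arpc)


class Issuer:
    def __init__(self, issuer_master_key: bytes):
        self._imk, self.last_atc = issuer_master_key, {}

    def authorise(self, pan, atc, amount, unpredictable_number, arqc):
        """Return (response code, ARPC); ARPC is None on decline."""
        sk = derive_session_key(derive_icc_master_key(self._imk, pan), atc)
        if not hmac.compare_digest(kmac(sk, transaction_data(amount, unpredictable_number, atc)), arqc):
            return b"05", None  # forged card, or data changed after the card signed it
        if atc <= self.last_atc.get(pan, 0):
            return b"05", None  # ATC did not advance: replay of an old cryptogram
        self.last_atc[pan] = atc
        return b"00", compute_arpc(sk, arqc, b"00")


def demo() -> dict:
    """Four authorisations: honest, amount tampered in transit, replayed, forged ARPC."""
    imk, pan = bytes(range(16)), "5413330000000000"  # constructed key and test PAN
    issuer, card = Issuer(imk), Card(pan, derive_icc_master_key(imk, pan))
    out = {}

    un = os.urandom(4)  # terminal's unpredictable number
    atc, arqc = card.generate_arqc(1999, un)
    rc, arpc = issuer.authorise(pan, atc, 1999, un, arqc)
    out["honest"] = rc == b"00" and card.verify_arpc(arqc, arpc, rc)

    un = os.urandom(4)  # a tampered terminal lowers the amount after the card signed it
    atc, arqc = card.generate_arqc(1999, un)
    out["tampered_amount"] = issuer.authorise(pan, atc, 1, un, arqc)[0]

    un = os.urandom(4)  # a captured, already approved cryptogram is presented again
    atc, arqc = card.generate_arqc(500, un)
    issuer.authorise(pan, atc, 500, un, arqc)
    out["replay"] = issuer.authorise(pan, atc, 500, un, arqc)[0]

    un = os.urandom(4)  # a fake host returns an approval it cannot MAC
    atc, arqc = card.generate_arqc(700, un)
    out["forged_arpc"] = card.verify_arpc(arqc, bytes(4), b"00")
    return out


if __name__ == "__main__":
    print(demo())
```

    The point the model makes is the one Nursie states: with the keys in the chip and at the issuer, a terminal in the middle can relay the exchange but cannot forge either side of it. The model also shows what it does not protect: the PIN and magnetic stripe data pass through the terminal in the clear relative to the terminal itself, which is exactly the exposure the Cambridge demonstration targets.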
  • Re:In use in Canada (Score:3, Informative)

    by mandelbr0t (1015855) on Monday January 08, 2007 @01:05PM (#17509938) Journal

    I used to work at a private financial institution that was a member of the Interac network. The security on modern ATMs in Canada is very good. Interac certification requirements are equal to or better than VISA/Plus requirements, which require:

    • An EPP (Encrypting PIN Pad) that uses 128-bit 3-DES shared key encryption. The EPP is sealed at the factory.
    • A special hardware device for generating gateway keys and terminal keys
    • MAC-ing of encrypted messages between terminal and gateway to prevent errors and detect tampering.
    • private leased line between gateway and Interac network
    • (coming soon) upgraded requirements for MAC-ing and encryption on private leased line

    The link between ATM and gateway, and gateway and Interac is probably the most secure aspect of the transaction. Most fraud I heard of was isolated cases of stolen cards (probably read the PIN over their shoulder and stole the card without cardholder's immediate knowledge), or of cameras recording PIN numbers (you need an insert on the card reader too). The only real problem now is that some older gateways still process non-compliant terminals which use weaker encryption (64-bit DES) or use PIN pads that aren't certified. Fines must be paid to keep these terminals operational, and I believe that there is a drop-dead date where nothing will keep the non-compliant terminals operating.

    In practice, this means that an individual needs to pay attention to what ATMs they use. If it looks old and unreliable, there's a good chance it is. If it looks shiny and new, it's pretty likely that it meets current security standards, though it's possible to upgrade the case on some older models without upgrading the security.

    mandelbr0t
  • Forget about the PIN (Score:2, Informative)

    by carvalhao (774969) on Monday January 08, 2007 @01:08PM (#17509984) Journal

    In Portugal we had an attempt on a similar technology back in the mid-90s, called PMB ("Porta Moedas Multibanco", which translates roughly into "ATM Wallet").

    It was basically a smart-card you could load with a certain amount on any ATM and make payments anywhere a terminal existed (many vending machines, for instance, accepted PMB) without inserting any code whatsoever. So it basically replaced your wallet, if someone stole it the money still loaded in the card would be lost.

    This wasn't much of a problem, since in Portugal we have a single entity managing all debit cards, so you get money at any ATM or pay at any debit terminal regardless of your bank, so the PMB cards were only used for micro-payments and never carried much money anyway.

    The system wasn't very successful, though. Not enough information given to the public at a time when the concept of electronic money wasn't all that widespread...

  • by apodyopsis (1048476) on Monday January 08, 2007 @01:11PM (#17510054)
    It's not actually that easy.

    Yes, you can get the PIN that way, but unless you can actually handshake with the EMV chip you have absolutely zero chance of getting the bank details. In the UK certainly the chip readers do now actually have the option to confiscate the card so a fake mini-EPOS terminal is not going to work.

    Your idea about using a real EMV EPOS terminal is a non-starter as most of them are not allowed to do offline transactions - so you'd need an account and access codes to be able to use them. Good luck, let me know how that works out.

    The only method that can still be used is a skimmer (sits in front of the slot on an ATM and reads the card and photos the PIN entry) but the average user is thankfully getting smart enough to detect that the shiny plastic thing clipped to the front of the cash point is probably not to be trusted.

    skimmer: http://news.bbc.co.uk/1/hi/england/hampshire/dorset/3399175.stm [bbc.co.uk]

    So that really only leaves mugging somebody or creating a fake ATM (which has been done many times) - both of which probably would work, but are fortunately quite rare these days.

  • by shaneh0 (624603) on Monday January 08, 2007 @01:24PM (#17510266)
    Misquote indeed. Especially considering Franklin wasn't actually the source of that nugget of wisdom.

    http://en.wikiquote.org/wiki/Benjamin_Franklin
