Chip-and-Pin Vulnerable To Subtle Trickery (64 comments)

Posted by Zonk on Tuesday February 06 2007, @01:08PM
from the i-feel-quite-safe dept.
Tags: hardhack, encryption, security
An anonymous reader writes "Cambridge University researchers, in an investigation for BBC Television's Watchdog programme, have demonstrated a man-in-the-middle attack for the chip-and-pin credit card security system used throughout the UK and Europe. In the attack, the card is inserted into a card-reader that has been tampered with, and the information transmitted in real-time to an accomplice who uses a specially modified card to make a higher-value purchase elsewhere. The modified card-reader shows only the expected amount, but the larger amount is deducted from the victim's bank account. It would not be easy to use this method in practice because the two transactions must be made simultaneously. The same team recently demonstrated a hacked chip-and-pin terminal playing Tetris."
  • This is still safer than traditional credit cards!
    • Re: (Score:1, Informative)

      by Anonymous Coward

      This is still safer than traditional credit cards!

      Not sure whether you're being sarcastic, but if not then safer for whom and in what way? Previously I had to sign for everything I bought on my card, and if it came to it then at least an expert should be able to spot a forgery in the event of a dispute. Now the only authorisation is typing in a 4-digit code in a crowded shop. Worse, a series of crowded shops time after time. If anyone manages to see my code then it just takes a pickpocket (or acquaintance

      • Re: (Score:3, Insightful)

        AC wrote:

        ..if it came to it then at least an expert should be able to spot a forgery in the event of a dispute.

        That won't do you any good because clerks can't distinguish between a legitimate signature and a forged one. Therefore if the owner of a card wants to cheat the bank, they can just sign their own signature with their left hand or something and then deny the charge. If the bank doesn't believe you when you say it was fraudulent then you'll be stuck with the charge (or the store will because they didn'

    • ...The issue is that banks have used the argument that chip and pin is 100% secure to transfer liability for fraud away from themselves and onto the cardholder.

      It is more secure than a signature that is never checked, sure, but 100% secure? No way.

      This effort is designed to prove that it can theoretically be defeated without possession of the physical card, but you can easily imagine the decidedly low-tech method of someone looking over your shoulder as you make a transaction and then pick-pocketing your card
  • by Technician (215283) on Tuesday February 06 2007, @01:22PM (#17907878)
    Someone with a close eye on their account will notice the missing money and pull up recent transactions online. Armed with receipts and a printout of the impossible-to-make dual purchases with one card in two locations, the compromised machine can be shut down (de-authorised) and legal proceedings started. This attack has a name attached to the business using the terminal.

    The attack is proof of concept, but it leaves too much of a trail.

    • wouldn't it be possible to use it with an online retailer somehow though?

      It collects the information and simultaneously
      (A) Creates the online order with info from the card (or simply stores it for later use)
      and
      (B) Runs the designated order through another machine.
      • wouldn't it be possible to use it with an online retailer somehow though?
        There is no PIN check with an online payment - you wouldn't need the man in the middle. All you need for the fraudulent online payment is to steal the card details (ideally including the CV2 number printed on the signature strip). Plain old fashioned photography would be enough (both sides of the card).
    • New hack -
      Canceling out legitimate purchases with phony receipts showing simultaneous transactions.
      • If the terminal the customer thought they were using was not making charges, and that store's owner was not in on the plot, there's a good chance the owner would figure it out in short order -- he wouldn't be getting any money from sales that used that card terminal. And even if he was in on it he'd still be losing money for the items he's giving away without any payment. It seems unlikely that this plot could go undiscovered for very long.
        • But it's going to be far easier to tamper with a terminal if the owner is in cahoots, so while you are correct, I don't think it really mitigates the problem.
  • 'Watchdog' tonight (Score:5, Insightful)

    by shrykk (747039) on Tuesday February 06 2007, @01:23PM (#17907902) Journal
    This is due to be on 'Watchdog' (a popular consumers'-rights show) in about 45 minutes.

    As I understand it, the point of this research is that the banks have been claiming that chip-and-pin terminals are completely tamper-proof. In fact, while they may be tamper-proof from the banks' point of view (preventing fraudulent transactions by destroying encryption keys if the case is tampered with), they're not from the customers' point of view - a dodgy establishment or criminal employee could clone your card with a terminal that looks legit.

    So, ripping out the innards and putting a machine playing Tetris inside looks silly, but demonstrates that the devices aren't inherently trustworthy. And this is the next step: showing that a card can be cloned and the details used to make a fraudulent transaction using modified hardware.
    • Re: (Score:2, Insightful)

      The standard response from the Banks is:

      "Our technology is infallible. You *must* have compromised your card / PIN. You will get no refund nor compensation."

      What this does is point out that the first sentence is not correct and that the second does not automatically follow. I am not particularly protective of or abusive towards Chip-And-Pin but the "Nothing to do with me mate. You'll have to prove it." attitude of the banks is kind of annoying. I'm much more happy paying my taxes to find this kind of

    • a dodgy establishment or criminal employee could clone your card with a terminal that looks legit
      Where did you get that from (for smart cards)? If this were the case they wouldn't have to do this complicated man-in-the-middle simultaneous transaction attack.
      • Oh come on... there is no standard 'look' for these things - they come in all shapes and sizes, and many larger shops still take the card off you and swipe on their terminal (so you don't even *see* the chip/pin thing they just hand you a keypad which is connected to the till & may or may not be encrypted or recording your pin for later use).

        You really don't have to get hold of one of the legit boxes, just make something that looks passable and has an LCD display and card reader. That gets you the pin,
      • Where did you get that from (for smart cards)? if this was the case they wouldn't have to do this complicated man-in-the-middle simultaneous transaction attack.

        You're right. As you say, it's not cloning, and what sjmurdoch and co demonstrated is a man-in-the-middle attack.

        Your victim puts their card into a modified chip-and-pin terminal. At the same time, a criminal carrying a card connected to a hidden laptop goes to make a purchase in another store, putting the (fake) card in a (legitimate) terminal

    • Here's what I don't get: It seems to me that, at least in most of the places I've been in Europe, European businesses are unwilling to turn away purchases from American tourists. Therefore, every place that uses the chip and PIN system can also accept American-style swipe-the-card transactions. So if your goal was merely to steal or clone a credit card and buy yourself a nice plate of frogs' legs, wouldn't it be easier to just do it American-style?

      Second, do consumers not have credit card loss protection in
      • do consumers not have credit card loss protection in Europe, the way they do in the U.S.? In the U.S., you're only liable for something like $50 on a fraudulent charge

        Yes, we do. The whole point of Chip+PIN is to transfer the liability for fraud to the cardholder, as any transaction made using the PIN "must" have been made by that cardholder. So no fraud protection, no reversing the charge.
  • I don't see any reason why this attack wouldn't work with a normal credit card machine (and not just the chip and pin cards). If you have hardware that has been tampered with the possibilities are endless really.

    I personally wish that we did use the chip and pin cards in the US because it's better than signature. I usually sign for things with "PWNED" or I draw pictures of pacman or kung-fu stick figures and no one seems to notice. The security that comes with signatures is a joke.

    • Actually, the security of signatures is in some ways better than chip-and-pin, from your point of view.

      If someone steals your card and uses it, you simply repudiate the transactions. You can easily prove that they are not genuine, because the thief will not have been able to forge your signature.
      If someone steals my chip-and-pin card and manages to use it, the bank will charge me for the transactions, and will simply laugh at me if I complain. Without a signature on the sales slip, I have got no proof
      • This is largely why the 'Check Cards' are so bad for consumers. I don't understand why people don't get it. With a traditional credit card, if someone commits fraud on your account, you simply deny the charges, and you don't worry about it until it is proven that you made the charges. With the check cards (or as I call them 'give my money away for free cards') when you find a fraudulent charge, you have to go around to all of the businesses that you have written checks to that are now going to bounce bec
    • Signatures are better theoretically but worse in practice as they require human verification whereas a machine does not care as long as a code is put in. Of course, humans are lazy and tend to accept the card regardless.
      I'd say both have specific advantages and disadvantages, ultimately if the bank and customer wanted better security then both should be used side-by-side.
      • I used to print "Check ID" on the signature space on the back of the card.
        A clerk, had me sign the receipt, picked up the card - looked at the card & my signature, and then handed me back my card with a 'thank you'.
          • I've had a sum total of one (1) company refuse me service because I wrote only 'See Photo ID' on the back of the card, instead of my signature. Oddly, it was some artist supply store. Everywhere else accepts it and, on larger purchases, will check the photo ID in order to validate. I even went so far in my grumblings to call the issuing company and ask whether the 'See Photo ID' "signature" was valid. The representative I talked to saw no reason why it would not, since the whole purpose of doing so was to p
  • The method proposed in the article is meaningless. If the timing check is really 1-bit, the fake card can respond by itself, without relaying any data. Is it on purpose?

    A much safer way is to measure time while performing a handshake. Yes, there ARE some technical problems, but it would be a real check.

    • "The extra step the researchers added is that the terminal sends the card a single bit *challenge* -- a 0 or 1 -- and the card *responds* in kind. The terminal can record how much time elapsed between sending and receiving the response, which would be a few nanoseconds in a normal transaction."

      A challenge response is otherwise known as a handshake. They took a small challenge because otherwise the handshake would take too much time, making the method meaningless. A few nanoseconds is a bit on the positive
      • I see several possible scenarios:

        FC = Fake Card, FT = Fake Terminal, C = Card, T = Terminal

        1. Simplest

        C: Hello, I'm card
        T: Really? Then we'll check how fast you can respond. Ping!
        C: Pong!
        T: 6ns, good time. Now let's shake hands...

        Fake is obvious

        2. More complicated
        C: Hello, I'm card
        T: Let's see. When I say, tell me your number, ready? Ping!
        C: 12345!
        T: 20ns, looks like you're real!

        Fake is also simple: the FT should first get the number from the card, then transmit it to FC.
        Anyway, all needed information is
    • Re: (Score:3, Informative)

      Each exchange is one challenge bit and one response bit, so the timing is accurate, but this is repeated many times to give a high assurance that the real card is present (128 in the prototype). See the draft paper [cam.ac.uk] for the details.
  • For the truly security minded: a wallet, a handgun, and the bottom side of your mattress. No interest charges or minimum payments!

    • by sunwukong (412560) on Tuesday February 06 2007, @01:41PM (#17908192)
      "Lady, me and this gun here say that I'm going to pay cash for this and there's nothing you can do about it!"

      "I'm sorry, sir, but I can't hear what you're saying through the mattress you're wearing."

      Or did I misinterpret what you're suggesting?
  • It's a fairly complicated attack, easily traced, and could probably only be executed once or twice per location before PC Plod comes calling due to the high visibility of the villains in pulling it off. Looks like way too little return for the effort and risk involved.
  • Is there any relationship between Chip and Pin [wikipedia.org] and Fish and Chips [wikipedia.org]?
  • So this along with the tetris hack basically says if you are a retailer and have access to a terminal or other means of getting hold of a persons credit or debit card then you can potentially do lots of dodgy stuff. Who knew!!!
    • No, that's the whole point. If you have the card (stolen it) but not the PIN it is useless, regardless of what you do with a terminal. If you have a PIN (hacked terminal) but not the card, it's still useless. The simplest way to hack Chip'n'PIN for now is simply to bend the chip so it breaks, causing the terminals to fall back to magstripes.
    • You're right. Nothing new at all. And you don't even need to have a modified card reader. I was speaking to a guy in a small shop, I don't know how it came up, but he said that every card he puts through, they get a receipt with the full card number on it. That means that he can enter a "card not present" transaction later. It will show up on your statement, so it's traceable, but they could put these transactions through whenever they please. I guess chances are that this already happens a lot.
      • In the UK PC World still print your entire CC number *and* expiry date on receipts (or they did a couple of months ago... I complained... again... one day they'll listen).

        A bit of dumpster diving around one of them and you'd have a handful of legit card numbers to clone. All you're missing is the CVE.

        Now find online retailers that don't ask for the CVE (admittedly getting fewer... My ISP doesn't for example).

        Or just pay for car parks, which aren't chip/pin enabled and just take the magstripe and debit your
  • When I saw that Officemax [slashdot.org] was stupidly storing atm pins, I gave up. Now, the only machine that sees my atm card is my bank's. And even there, I look at the machine to see that it hasn't been tampered with. [interesting-people.org]

    For everyone else, I've reverted to checks and cash.
  • by ayjay29 (144994) on Tuesday February 06 2007, @02:32PM (#17909118)
    Anne Robbinson my arse!

    Watchdog?

    I am watching a dog.

  • I don't get it (Score:3, Interesting)

    by giminy (94188) on Tuesday February 06 2007, @02:48PM (#17909400) Homepage Journal
    This is neat, but it's not exciting. I've written a smartcard proxy service that could also be used for evil. It works by capturing the client certificate request from a tls handshake, and sends the signed response to the server (some older web apps don't know how to use pkcs#11 libraries, which is what this is used for..it strips the client cert request out of the handshake so the client is none the wiser). I could rewrite my proxy to sign all kinds of data with the smartcard once the user gives the proxy his/her PIN...I could logon to banking sites and transfer money to me, buy stuff, essentially anything that the computer could do, and not inform the user.

    I think Bruce Schneier's paper [schneier.com] said it best. Sure the card is trustworthy, but when you're using any kind of smartcard, the card isn't the trust boundary. The card plus the computer (or pinpad in this case) that you're using it on is your trusted device conglomerate.

    I think the real demonstration of this attack is that pinpads have vulnerabilities. Even that isn't earth-shattering. So does everything else where physical access is granted.

    Which isn't to say that it isn't newsworthy (people should definitely be careful where they stick their card), but it does feed into idea #4 on the six dumbest ideas in computer security [ranum.com].
  • This attack is a form of a relay attack. These kind of attacks can be really, really hard to avoid. Basically you need both sides to be authenticated and communicate in a secure fashion. Both sides also need to be secured ("tamper resistant" or, if possible "tamper proof"). And to top it off you must be sure that anything you sign is really correct, and that the human input (if any) isn't listened upon. Of course, you must use something to confirm the transaction as well.

    Basically it comes down to the fact
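As an added example (not from the thread and not the Cambridge researchers' code), here is a Python simulation of the 1-bit challenge/response timing check discussed in the sub-thread above, run against the relay this comment describes. Terminal and card derive two 128-bit response strings from the card key and a fresh nonce; in each round the terminal sends one random challenge bit, and accepts only if the answer bit is right and the round trip is inside the window. The HMAC-SHA256 derivation, the key, the 50 ns window and the delay figures are all constructed assumptions standing in for whatever the prototype actually used, and the terminal is given the card key only to keep the simulation self-contained.

```python
"""Added example: 1-bit challenge/response distance bounding, simulated."""
import hashlib
import hmac
import random
import secrets

ROUNDS = 128            # the prototype repeated the 1-bit exchange 128 times (from the thread)
TIMEOUT_NS = 50         # constructed acceptance window for one round trip
GENUINE_DELAY_NS = 6    # constructed on-card response time
RELAY_DELAY_NS = 2_000  # constructed extra latency added by a laptop/radio relay


def response_registers(key: bytes, nonce: bytes, rounds: int):
    """Derive two `rounds`-bit strings R0 and R1 from the card key and the
    terminal's nonce (assumed HMAC-SHA256 construction, Hancke-Kuhn style).
    In round i the card answers challenge bit c with R_c[i]."""
    stream = b""
    counter = 0
    while len(stream) * 8 < 2 * rounds:
        stream += hmac.new(key, nonce + counter.to_bytes(2, "big"), hashlib.sha256).digest()
        counter += 1
    bits = [(byte >> (7 - k)) & 1 for byte in stream for k in range(8)]
    return bits[:rounds], bits[rounds:2 * rounds]


class GenuineCard:
    """Holds the key, so it can compute the response strings itself."""
    def __init__(self, key: bytes):
        self.key = key

    def begin(self, nonce: bytes, rounds: int):
        self.r0, self.r1 = response_registers(self.key, nonce, rounds)

    def respond(self, i: int, challenge: int):
        # returns (response bit, simulated response latency in ns)
        bit = self.r1[i] if challenge else self.r0[i]
        return bit, GENUINE_DELAY_NS


class RelayedCard:
    """Fake card in the honest terminal that forwards every challenge to the
    real card sitting in the tampered terminal elsewhere (the relay attack)."""
    def __init__(self, real_card: GenuineCard):
        self.real = real_card

    def begin(self, nonce: bytes, rounds: int):
        self.real.begin(nonce, rounds)       # the nonce is relayed too

    def respond(self, i: int, challenge: int):
        bit, delay = self.real.respond(i, challenge)
        return bit, delay + RELAY_DELAY_NS   # correct bit, but late


class GuessingCard:
    """Fake card that answers locally without the key: on time, but guessing."""
    def __init__(self, seed: int = 1):
        self.rng = random.Random(seed)

    def begin(self, nonce: bytes, rounds: int):
        pass

    def respond(self, i: int, challenge: int):
        return self.rng.getrandbits(1), GENUINE_DELAY_NS


def terminal_check(card, key: bytes, rounds: int = ROUNDS, nonce=None) -> dict:
    """Honest terminal side: fresh nonce, `rounds` unpredictable 1-bit
    challenges, each response checked for correctness and round-trip time."""
    if nonce is None:
        nonce = secrets.token_bytes(16)
    r0, r1 = response_registers(key, nonce, rounds)   # simplification: terminal derives the expected bits itself
    card.begin(nonce, rounds)
    wrong = slow = 0
    for i in range(rounds):
        c = secrets.randbits(1)
        bit, delay = card.respond(i, c)
        if bit != (r1[i] if c else r0[i]):
            wrong += 1
        if delay > TIMEOUT_NS:
            slow += 1
    return {"rounds": rounds, "wrong_bits": wrong, "slow_rounds": slow,
            "accepted": wrong == 0 and slow == 0}


if __name__ == "__main__":
    key = b"constructed-card-key"
    for name, card in [("genuine", GenuineCard(key)),
                       ("relayed", RelayedCard(GenuineCard(key))),
                       ("guessing", GuessingCard())]:
        print(name, terminal_check(card, key))
```

The relayed card gets every bit right but every round is late, which is what the timing window catches; the locally answering fake is on time but has to guess, and 128 independent bits leave a naive guesser a one-in-2^128 chance. The simulation models only that naive guesser at one half per round; a real design also has to budget for the stronger attacker strategies analysed in the distance-bounding literature.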
  • I may be missing something here, but I've always thought that a much simpler hack exists - albeit you would need to steal the card too, but we are talking about criminals here.

    1a) Create a fake terminal that looks and operates like a genuine terminal. All the terminal does is record the 4 digit PIN.

    or

    1b) Place a camera such that it films the terminal as the card owner types in their 4 digit PIN.

    2) Steal the card

    3) Use the card + pin

    In short, the terminal verifies itself to the credit card compan

  • Gee, there are much simpler attacks. In several cases, crooks set up fake "standalone" ATMs that simply captured the card and the PIN code. Since to the user it appears that the card was swallowed by a legitimate ATM, the user is not going to report it stolen right away. The effect can be reinforced by a properly dressed (read: a suit) impostor telling the customer that there is a problem with the ATM and that they will get their card back in the mail.

    Then crooks simply have to collect a bunch of valid c
      • That's a possibility but it would not work in every case with "chipped" cards. For example, on EMV cards (i.e. pretty much every "chipped" banking card out there), the magnetic stripe contains a field stating that this card is "chipped" and that the "chip" transaction should be tried first if the payment terminal has a smartcard reader.

        So if you only make a copy of the magnetic stripe on a card without a chip or with an inactive chip, there is a very high chance that the terminal will decline the transaction. As
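To make the service-code point concrete, here is an added Python parser (not from the thread) for the Track 2 stripe data the comment refers to. The first digit of the three-digit service code is where the issuer says whether the card carries a chip that should be tried first (2 for international cards, 6 for national-only ones), and a terminal that honours it does not silently fall back to the stripe when the chip fails to read. The sample records are constructed, the PANs are the usual industry test numbers, and the fallback policy at the end is a deliberately strict illustration rather than any scheme's actual rule.

```python
"""Added example: parse Track 2 data and apply a chip-first fallback policy."""
import re

# Meaning of the first service-code digit (ISO/IEC 7813 interchange designator)
SERVICE_CODE_DIGIT1 = {
    "1": "international interchange OK",
    "2": "international interchange, use IC (chip) where feasible",
    "5": "national interchange only",
    "6": "national interchange only, use IC (chip) where feasible",
    "7": "no interchange except under bilateral agreement",
    "9": "test card",
}

# ;PAN=YYMM SSS discretionary?  (start/end sentinels optional here)
TRACK2_RE = re.compile(
    r"^;?(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<sc>\d{3})(?P<disc>\d*)\??$"
)


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check digit test on the PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(track: str) -> dict:
    """Split a Track 2 record into PAN, expiry, service code and its meaning."""
    m = TRACK2_RE.match(track.strip())
    if not m:
        raise ValueError("not a well-formed Track 2 record")
    pan, sc = m["pan"], m["sc"]
    return {
        "pan": pan,
        "pan_luhn_ok": luhn_valid(pan),
        "expiry_yymm": m["exp"],
        "service_code": sc,
        "interchange": SERVICE_CODE_DIGIT1.get(sc[0], "reserved"),
        "chip_preferred": sc[0] in ("2", "6"),   # the field the comment describes
    }


def fallback_decision(track: str, chip_read_succeeded: bool) -> str:
    """Illustrative (constructed) terminal policy: a card whose service code
    says 'chip first' is not accepted on the stripe alone."""
    rec = parse_track2(track)
    if not rec["pan_luhn_ok"]:
        return "decline: PAN fails Luhn check"
    if rec["chip_preferred"] and not chip_read_succeeded:
        return "decline: service code %s says chip first; magstripe fallback not allowed" % rec["service_code"]
    if rec["chip_preferred"]:
        return "accept: chip transaction"
    return "accept: magstripe transaction"


if __name__ == "__main__":
    # Constructed sample records: a chip-first international card and a stripe-only card
    CHIP_CARD = ";4111111111111111=2512201123456789?"
    STRIPE_CARD = ";5500000000000004=2406101?"
    print(parse_track2(CHIP_CARD))
    print(fallback_decision(CHIP_CARD, chip_read_succeeded=False))
    print(fallback_decision(STRIPE_CARD, chip_read_succeeded=False))
```

The second and third service-code digits carry the authorisation and PIN/usage restrictions; the parser only reports the first because that is the digit that decides whether a stripe-only read of a chip card is a red flag.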
  • Some shops had their terminals replaced with modified units that captured the required card info and PIN numbers, which were then used by the bad guys at some later point. Aided and abetted I might add by an upgrade to the terminals wherein the new terminals look like the old ones and the old ones were discarded in a rather sloppy manner.
    • It was not the real hardware hacked to play tetris. It was different hardware in the same box.

      Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.

      • by maubp (303462) on Tuesday February 06 2007, @01:35PM (#17908098)

        It was not the real hardware hacked to play tetris. It was different hardware in the same box.

        Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.
        Have you read the article? There is a fake transaction at the victim's location which appears to be paying £20 for dinner. There is a real (but fraudulent) transaction at the jewelers at the same time for $2000 of diamonds.

        The victim's card goes in the "fake pin machine" which is linked via laptops to a "fake card" in a "real pin machine" at another shop (in this case, a jewelers).

        The laptop link makes it look like the victim's card is physically at the jewelers store, and takes care of all the validation. The victim is told the dinner price, and enters their PIN into the "fake PIN machine", which says "thank you" and prints a fake receipt. Meanwhile, the PIN number is then passed to the criminal at the jeweler to key into the real PIN machine and buy the diamonds.

        Tricky to pull off due to the timing - but a real treat all the same.
        • Re: (Score:3, Interesting)

          I wonder if you have misunderstood what is going on here.

          There is no connection between the bank and the card-reader that has been tampered with. As far as the bank is able to see, there has been a legitimate transaction for £2000. As far as the victim sees, the transaction is for only £20 (until he receives his statement one month later).

          The point is: the actual transaction is £2000. The trickery is making the victim believe he is authorising a transaction of only £20 by present
          • Re: (Score:3, Insightful)

            Of course if you do £20 - £2000 then you get noticed real quick.

            Do it at a petrol station or somewhere where the price varies a lot, add £1 onto the transaction (screening out the 'obvious' figures to avoid people who put exactly £20 of petrol in for example noticing the error), and have the 'real' transaction come from the 'real' retailer and you'd get away with it for quite a while.

            Petrol station employees are paid minimum wage and not security checked & have an incentive to ge
        • No copying cards. These are cards with chips, so they're carrying functions, not just data.
    • That's pretty much the only way it would work.

      Just have to work on the shops (mainly larger ones) that insist on taking the card off you and using their own proprietary chip/pin system. They'd probably do the same "oh, we don't use those things.. here type your pin into this keypad".