Chip-and-Pin Vulnerable To Subtle Trickery

An anonymous reader writes "Cambridge University researchers, in an investigation for BBC Television's Watchdog programme, have demonstrated a man-in-the-middle attack for the chip-and-pin credit card security system used throughout the UK and Europe. In the attack, the card is inserted into a card-reader that has been tampered with, and the information transmitted in real-time to an accomplice who uses a specially modified card to make a higher-value purchase elsewhere. The modified card-reader shows only the expected amount, but the larger amount is deducted from the victim's bank account. It would not be easy to use this method in practice because the two transactions must be made simultaneously. The same team recently demonstrated a hacked chip-and-pin terminal playing Tetris."

The Tetris hack was a fake

[EmbeddedJanitor]

It was not the real hardware hacked to play tetris. It was different hardware in the same box.

Sure, this shows that you can fool a user tothink they're using a valid machine, but it does not get at the transaction.

Re:The Tetris hack was a fake

[maubp]

It was not the real hardware hacked to play tetris. It was different hardware in the same box.

Sure, this shows that you can fool a user to think they're using a valid machine, but it does not get at the transaction.

Have you read the article? There is a fake transaction at the victim's location which appears to be paying £20 for dinner. There is a real (but fraudulent) transaction at the jewelers at the same time for $2000 of diamonds.

The victim's card goes in the "fake pin machine" which is linked via laptops to a "fake card" in a "real pin machine" at another shop (in this case, a jewelers).

The laptop link makes it look like the victim's card is physically at the jewelers store, and takes care of all the validation. The victim is told the dinner price, and enters their PIN into the "fake PIN machine", which says "thank you" and prints a fake receipt. Meanwhile, the PIN number is then passed to the criminal at the jeweler to key into the real PIN machine and buy the diamonds.

Tricky to pull off due to the timing - but a real treat all the same.

Re:

[iangoldby]

I wonder if you have misunderstood what is going on here.

The there is no connection between the bank and the card-reader that has been tampered with. As far as the bank is able to see, there has been a legitimate transaction for £2000. As far as the victim sees, the transaction is for only £20 (until he receives his statement one month later).

The point is: the actual transaction is £2000. The trickery is making the victim believe he is authorising a transaction of only £20 by present

Re:

[Tony Hoyle]

Of course if you do £20 - £2000 then you get noticed real quick.

Do it at a petrol station or somewhere where the price varies a lot, add £1 onto the transaction (screening out the 'obvious' figures to avoid people who put exactly £20 of petrol in for example noticing the error), and have the 'real' transaction come from the 'real' retailer and you'd get away with it for quite a while.

Petrol station employees are paid minimum wage and not security checked & have an incentive to ge

Re:

[ambrosen]

No copying cards. These are cards with chips, so they're carrying functions, not just data.

Yes, BUT

[matr0x_x]

This is still safer than traditional credit cards!

Re:

[Anonymous Coward]

This is still safer than traditional credit cards!

Not sure whether you're being sarcastic, but if not then safer for whom and in what way? Previously I had to sign for everything I bought on my card, and if it came to it then at least an expert should be able to spot a forgery in the event of a dispute. Now the only authorisation is typing in a 4 digit code in a crowded shop. Worse, a series of crowded shops time after time. If anyone managers to see my code then it just takes a pickpocket (or acquaintance

Re:

[mrcaseyj]

AC wrote:

..if it came to it then at least an expert should be able to spot a forgery in the event of a dispute.

That won't do you any good because clerks can't distinguish from a legitimate signature and a forged one. Therefore if the owner of a card wants to cheat the bank, they can just sign their own signature with their left hand or something and then deny the charge. If the bank doesn't believe you when you say it was fraudulent then you'll be stuck with the charge (or the store will because they didn'

This issue is not whether it is more secure...

[blorg]

...The issue is that banks have used the argument that chip and pin is 100% secure to transfer liability for fraud away from themselves and onto the cardholder.

It is more secure than a signature that is never checked, sure, but 100% secure? No way.

This effort is designed to prove that it can theoretically be defeated without posession of the physical card, but you can easily imagine the decidely low-tech method of someone looking over your shoulder as you make a transaction and then pick-pocketing your card

attack easly detected

[Technician]

Someone with a close eye on their account will notice the missing money and pull up recent transactions online. Armed with reciepts and a printout of the impossible to make dual purchases with one card in two locations, the compromised machine can be shut down (de-authorised) and legal proceedings started. This attack has a name attached to the business using the terminal.

The attack is proof of concept, but it leaves too much of a trail.

Re:

[jimstapleton]

wouldn't it be possible to use it with an online retailer somehow though?

It collects the information and simultaneiously
(A) Creates the online order with info from the card (or simply stores it for later use)
and
(B) Runs the designated order through another machine.

Re:

[maubp]

wouldn't it be possible to use it with an online retailer somehow though?

There is no PIN check with an online payment - you wouldn't need the man in the middle. All you need for the fraudulent online payment is to steal the card details (ideally including the CV2 number printed on the signature strip). Plain old fashioned photography would be enough (both sides of the card).

Re:

[profplump]

If the terminal the customer thought they were using was not making charges, and that store's owner was not in on the plot, there's a good chance the owner would figure it out in short order -- he wouldn't be getting any money from sales that used that card terminal. And even if he was in on it he'd still be losing money for the items he's giving away without any payment. It seems unlikely that this plot could go undiscovered for very long.

Re:

[It'sYerMam]

But it's going to be far easier to tamper with a terminal if the owner is in cahoots, so while you are correct, I don't think it really mitigates the problem.

Re:

[sndtech]

The Machine that the unsuspecting customer uses (machine A) is not authorized and has no connection to any bank or financial institution, the only connection machine A has is to the laptop which is in the rucksack of the attacker at another location. the normal machine (machine B) accepts the wired card as a normal smart card, because it is simply relaying the data sent from machine A to machine B. how many people would keep a receipt for a low amount purchase? of course this whole idea depends on having t

Re:

[MbM]

New hack -
Canceling out legitimate purchases with phony receipts showing simultaneous transactions.

'Watchdog' tonight

[shrykk]

This is due to be on 'Watchdog' (a popular consumers'-rights show) in about 45 minutes.

As I understand it, the point of this research is that the banks have been claiming that chip-and-pin terminals are completely tamper-proof. In fact, they may be tamper-proof from the banks' point of view (preventing fraudulent transactions by destroying encryption keys if the case is tampered with), they're not from the customers' point of view - a dodgy establishment or criminal employee could clone your card with a terminal that looks legit.

So, ripping out the innards and putting a machine playing Tetris inside looks silly, but demonstrates that the devices aren't inherently trustworthy. And this is the next step: showing that a card can be cloned and the details used to make a fraudulent transaction using modified hardware.

Re:

[ds_job]

The standard response from the Banks is:

"Our technology is infallible. You *must* have compromised your card / PIN. You will get no refund nor compensation."

What this does is point out that the first sentence is not correct and that the second does not automatically follow. I am not particularly protective of or abusive towards Chip-And-Pin but the "Nothing to do with me mate. You'll have to prove it." attitude of the banks is kind of annoying. I'm much more happy paying my taxes to find this kind of

Re:

[chgros]

a dodgy establishment or criminal employee could clone your card with a terminal that looks legit
Where did you get that from (for smart cards)? if this was the case they wouldn't have to do this complicated man-in-the-middle simultaneous transaction attack.

Re:

[Tony Hoyle]

Oh come on... there is no standard 'look' for these things - they come in all shapes and sizes, and many larger shops still take the card off you and swipe on their terminal (so you don't even *see* the chip/pin thing they just hand you a keypad which is connected to the till & may or may not be encrypted or recording your pin for later use).

You really don't have to get hold of one of the legit boxes, just make something that looks passable and has an LCD display and card reader. That gets you the pin,

Re:

[shrykk]

Where did you get that from (for smart cards)? if this was the case they wouldn't have to do this complicated man-in-the-middle simultaneous transaction attack.

You're right. As you say, it's not cloning, and what sjmurdoch and co demonstrated is a man-in-the-middle attack.

Your victim puts their card into a modified chip-and-pin terminal. At the same time, a criminal carrying a card connected to a hidden laptop goes to make a purchase in another store, putting the (fake) card in a (legitimate) terminal

Is it a big deal?

[PCM2]

Here's what I don't get: It seems to me that, at least in most of the places I've been in Europe, European businesses are unwilling to turn away purchases from American tourists. Therefore, everyplace that uses the chip and PIN system can also accept American-style swipe-the-card transactions. So if your goal was merely to steal or clone a credit card and buy yourself a nice plate of frogs' legs, wouldn't it be easier to just do it American-style?

Second, do consumers not have credit card loss protection in

That is the whole point of Chip+PIN

[blorg]

do consumers not have credit card loss protection in Europe, the way they do in the U.S.? In the U.S., you're only liable for something like $50 on a fraudulent charge

Yes, we do. The whole point of Chip+PIN is to transfer the liability for fraud to the cardholder, as any transaction made using the PIN "must" have been made by that cardholder. So no fraud protection, no reversing the charge.

Re:

[Anonymous Coward]

The Watchdog piece was very misleading.

There's a demonstration of one thing (man-in-the-middle attack on Chip and PIN user) which is either very rare or non-existent in the wild (it's hard to be certain partly because banks are so secretive). That's Slashdot-worthy, but it shouldn't be a surprise to anyone who has used Chip and PIN and thought about it, and the real solution (every user owns their own tamper-resistant terminal) is too costly to consider in the near future.

To make this demo seem "relevant" t

Hard to pull off with any card

[GiovanniZero]

I don't see any reason why this attack wouldn't work with a normal credit card machine (and not just the chip and pin cards). If you have hardware that has been tampered with the possibilities are endless really.

I personally wish that we did use the chip and pin cards in the US because it's better than signature. I usually sign for things with "PWNED" or I draw pictures of pacman or kung-fu stick figures and no one seems to notice. The security that comes with signatures is a joke.

Re:

[badfish99]

Actually, the security of signatures is in some ways better than chip-and-pin, from your point of view.

If someone steals your card and uses it, you simply repudiate the transactions. You can easily prove that they are not genuine, because the thief will not have been able to forge your signature.
If someone steals my chip-and-pin card and manages to use it, the bank will charge me for the transactions, and will simple laugh at me if I complain. Without a signature on the sales slip, I have got no proof

Re:

[Dreamstalker_wolf]

When a CC of mine was stolen a few years ago, the thief did forge my signature (or try to). Probably did a fairly bad job of it too, but try as I might I couldn't get the merchant, delivery company or my bank to cough up the alleged signature so I could look at it. As far as they were concerned, someone signed my name (and used my card), the only person that could have done so must have been me. Nevermind that I wasn't even living at the delivery address at the time.

Re:

[Belial6]

This is largely why the 'Check Cards' are so bad for consumers. I don't understand why people don't get it. With a traditional credit card, if someone commits fraud on your account, you simply deny the charges, and you don't worry about it until it is proven that you made the charges. With the check cards (or as I call them 'give my money away for free cards') when you find a fraudulent charge, you have to go around to all of the businesses that you have written checks to that are now going to bounce bec

Re:

[Clazzy]

Signatures are better theoretically but worse in practice as they require human verification whereas a machine does not care as long as a code is put in. Of course, humans are lazy and tend to accept the card regardless.
I'd say both have specific advantages and disadvantages, ultimately if the bank and customer wanted better security then both should be used side-by-side.

Check ID

[tinkerghost]

I used to print "Check ID" on the signature space on the back of the card.
A clerk, had me sign the receipt, picked up the card - looked at the card & my signature, and then handed me back my card with a 'thank you'.

Re:

[Dreamstalker_wolf]

IIRC, "Check ID" or "CID" written over your signature on the back of the card (with a green highlighter or similar so the sig is visible) is acceptable, but simply writing "See ID" (with no signature) is not. If a credit card does not have the holder's signature in the back panel, a business is within their rights to refuse the card (the card agreement states that a card is not valid for use until signed).

Re:

[Twanfox]

I've had a sum total of one (1) company refuse me service because I wrote only 'See Photo ID' on the back of the card, instead of my signature. Oddly, it was some artist supply store. Everywhere else accepts it and, on larger purchases, will check the photo ID in order to validate. I even went so far in my grumblings to call the issuing company and ask whether the 'See Photo ID' "signature" was valid. The representative I talked to saw no reason why it would not, since the whole purpose of doing so was to p

Single bit check is not enough

[nickol]

The method, proposed in the article is meaningless. If the timing
check is really 1-bit, the fake card can respond by itself, without
relaying any data. Is it on purpose ?

Much safer way is to measure time while performing a handshake.
Yes, there ARE some technical problems, but it would be a real check.

Re:

[owlstead]

"The extra step the researchers added is that the terminal sends the card a single bit *challenge* -- a 0 or 1 -- and the card *responds* in kind. The terminal can record how much time elapsed between sending and receiving the response, which would be a few nanoseconds in a normal transaction."

A challenge response is otherwise known as a handshake. They took a small challenge because otherwise the handshake would take too much time, making the method meaningless. A few nanoseconds is a bit on the possitive

Re:

[nickol]

I see several possible scenarios :

FC = Fake Card, FT = Fake Terminal, C = Card, T=Terminal

1. Simplest

C: Hello, I'm card
T: Really ? Then we'll check how fast can you respond. Ping!
C: Pong!
T: 6ns, good time. Now let's shake hands...

Fake is obvious

2. More complicated
C: Hello, I'm card
T: Let's see. When I say, tell me your number, ready ? Ping!
C: 12345!
T: 20ns, looks like you're real !

Fake is also simple, the FT should first get the number from the card, then transmit it to FC.
Anyway, all needed information is

Re:

[sjmurdoch]

Each exchange is one challenge bit and one response bit, so the timing is accurate, but this is repeated many times to give a high assurance that the real card is present (128 in the prototype). See the draft paper [cam.ac.uk] for the details.

Ultimate Financial Security

[ToneHog]

For the truly security minded: a wallet, a handgun, and the bottom side of your mattress. No interest charges or minimum payments!

Re:Ultimate Financial Security

[sunwukong]

"Lady, me and this gun here say that I'm going to pay cash for this and there's nothing you can do about it!"

"I'm sorry, sir, but I can't hear what you're saying through the mattress you're wearing."

Or did I misinterpret what you're suggesting?

Subtle?

[Timesprout]

Its a fairly complicated attack, easily traced and could only probably only be executed once or twice per location before PC Plod comes calling due to the high visibility of the villians in pulling it off. Looks like way to little return for the effort and risk involved.

Coincidental Similarity?

[andy314159pi]

Is there any relationship between Chip and Pin [wikipedia.org] and Fish and Chips [wikipedia.org]?

The Register & Original blog

[maubp]

The Register's got this now:
http://www.theregister.co.uk/2007/02/06/card_secur ity_attack/ [theregister.co.uk]

Original blog:
http://www.lightbluetouchpaper.org/2007/02/06/chip -pin-relay-attacks/ [lightbluetouchpaper.org]

nothing new here

[mgb]

So this along with the tetris hack basically says if you are a retailer and have access to a terminal or other means of getting hold of a persons credit or debit card then you can potentially do lots of dodgy stuff. Who knew!!!

Re:

[IamTheRealMike]

No, that's the whole point. If you have the card (stolen it) but not the PIN it is useless, regardless of what you do with a terminal. If you have a PIN (hacked terminal) but not the card, it's still useless. The simplest way to hack Chip'n'PIN for now is simply to bend the chip so it breaks, causing the terminals to fall back to magstripes.

Re:

[celardore]

You're right. Nothing new at all. And you don't even need to have a modified card reader. I was speaking to a guy in a small shop, I don't know how it came up, but he said that every card he puts through, they get a receipt with the full card number on it. That means that he can enter a "card not present" transaction later. It will show up on your statement, so it's traceable, but they could put these transactions through whenever they please. I guess chances are that this already happens a lot.

Re:

[Tony Hoyle]

In the UK PC World still print your entire CC number *and* expiry date on receipts (or they did a couple of months ago... I complained... again... one day they'll listen).

A bit of dumpster diving around one of them and you'd have a handful of legit card numbers to clone. All you're missing is the CVE.

Now find online retailers that don't ask for the CVE (admittedly getting fewer... My ISP doesn't for example).

Or just pay for car parks, which aren't chip/pin enabled and just take the magstripe and debit your

What I learned at OfficeMax

[jmichaelg]

When I saw that Officemax [slashdot.org] was stupidly storing atm pins, I gave up. Now, the only machine that sees my atm card is my bank's. And even there, I look at the machine to see that it hasn't been tampered with. [interesting-people.org]

For everyone else, I've reverted to checks and cash.

Classic Quote...

[ayjay29]

Anne Robbinson my arse!

Watchdog?

I am watching a dog.

I don't get it

[giminy]

This is neat, but it's not exciting. I've written a smartcard proxy service that could also be used for evil. It works by capturing the client certificate request from a tls handshake, and sends the signed response to the server (some older web apps don't know how to use pkcs#11 libraries, which is what this is used for..it strips the client cert request out of the handshake so the client is none the wiser). I could rewrite my proxy to sign all kinds of data with the smartcard once the user gives the proxy his/her PIN...I could logon to banking sites and transfer money to me, buy stuff, essentially anything that the computer could do, and not inform the user.

I think Bruce Schneier's paper [schneier.com] said it best. Sure the card is trustworthy, but when you're using any kind of smartcard, the card isn't the trust boundary. The card plus the computer (or pinpad in this case) that you're using it on is your trusted device conglomerate.

I think the real demonstration of this attack is that pinpads have vulnerabilities. Even that isn't earth-shattering. So does everything else where physical access is granted.

Which isn't to say that it isn't newsworthy (people should definitely be careful where they stick their card), but it does feed into idea #4 on the six dumbest ideas in computer security [ranum.com].

Relay attacks and terminal security

[owlstead]

This attack is a form of a relay attack. These kind of attacks can be really, really hard to avoid. Basically you need both sides to be authenticated and communicate in a secure fashion. Both sides also need to be secured ("tamper resistant" or, if possible "tamper proof"). And to top it off you must be sure that anything you sign is really correct, and that the human input (if any) isn't listened upon. Of course, you must use something to confirm the transaction as well.

Basically it comes down to the fact

Easier hack?

[ocularsinister]

I may be missing something here, but I've always thought that a much simpler hack exists - albeit you would need to steal the card too, but we are talking about criminals here.

1a) Create a fake terminal that looks and operates like a genuine terminal. All the terminal does is record the 4 digit PIN.

or

1b) Place a camera such that it films the terminal as the card owner types in their 4 digit PIN.

2) Steal the card

3) Use the card + pin

In short, the terminal verifies itself to the credit card compan

Way too complex

[AdamInParadise]

Gee, there are much simpler attacks. In several cases, crooks setted up fake "standalone" ATMs that simply captured the card and the PIN code. Since to the user it appears that the card was swallowed by a legitimate ATM, the user is not going to report at stolen right away. The effect can be reinforced by a properly dressed (read: a suit) impostor telling the customer that there is a problem with the ATM and that they will get their card back in the mail.

Then crooks simply have to collect a bunch of valid c

Re:

[AdamInParadise]

That's a possibility but it would not work in every case with "chipped" cards. For example, on EMV cards (i.e. pretty much "chipped" banking card out there), the magnetic stripe contains a field stating that this card is "chipped" and that the "chip" transaction should be tried first if the payment terminal has a smartcard reader.

So if you only make a copy of the magnetic stripe on a card without a chip or with an inactive chip, there is a very high chance that the terminal will decline the transaction. As

Cut out the middle man

[goatpunch]

Should put the keypad and display on the card itself, it'd look like one of those 'credit card' calculators.

Re:

[Tony Hoyle]

That's pretty much the only way it would work.

Just have to work on the shops (mainly larger ones) that insist on taking the card off you and using their own proprietary chip/pin system. They'd probably do the same "oh, we don't use those things.. here type your pin into this keypad".

Don't shop as Tesco - you PIN is not safe

[Alain Williams]

A couple of years ago Tesco (the largest UK supermarket chain) taped over the top of the chip & pin terminals in their stores & other outlets. They insisted that, instead, you give the till attendant the card that they plug into the side of the till and enter your PIN into the chip & pin terminal that is connected to the till by a thin black wire.

The first time that I came across (all night petrol store) this I refused on the grounds that my bank had told me to not use terminals that had been

wow...

[tommyhj]

We've had chip and pin here in Denmark for a number of years now. Before that we had magnetic cards and pins, with a photo on the back of the card and a signature. The photo was paramount, because if the pin wasn't used in transactions with only a signature, the photo would ensure that the person using the card was the owner - simple enough and pretty effective. Then they went and removed the photo... They also added a chip and hailed it's superior security, but didn't remove the magnetic stripe, and still

Has already been done in Denmark

[threaded]

Some shops had their terminals replaced with modified units that captured the required card info and pin numbers which was then used by the bad guys at some later point. Aided and abetted I might add by an upgrade to the terminals wherein the new terminals look like the old ones and the old ones were discarded in a rather sloppy manner.