The 12:30 ITN news on ITV1 today featured a segment (video) on Chip and PIN, and should also be shown at 19:00 and 22:30. It included an interview with Ross Anderson and some shots of me presenting our Chip and PIN interceptor. The demonstration was similar to the one shown on German TV but this time we went all the way, borrowing a magstripe writer and producing a fake card. This was used by the reporter to successfully withdraw money from an ATM (from his own account).
More details on how the device actually works are on our interceptor page. The key vulnerabilities present in the UK Chip and PIN cards we have tested, which the interceptor relies on, are:
- The entered PIN is sent from the terminal to the card in unencrypted form
- It is still possible to use magstripe-only cards to withdraw cash, with the same PIN used in shops
- All the details necessary to create a valid magstripe are also present on the chip
This means that a crook could insert a miniaturised version of the interceptor into the card slot of a Chip and PIN terminal, without interfering with the tamper detection. The details it collects include the PIN and enough information to create a valid magstripe. The fake card can then be used in ATMs which are willing to accept cards that, from the ATM’s perspective, have a damaged chip — known as “fallback”. Some ATMs might not be able to read the chip at all, particularly ones abroad.
The fact that the chip also includes the magstripe details is not strictly necessary, since a skimmer could also read this, but the design of some Chip and PIN terminals, which only cover the chip, makes this difficult. One of the complaints against the terminals used in the Shell fraud was that they make it impossible to read the chip without reading the magstripe too. This led to suggestions that customers should not use such terminals, or even that they wipe their card’s magstripe to prevent skimmers from reading it.
While it is possible that the Shell fraudsters did read the magstripe, wiping it will not be a defence against them reading the communication between terminal and chip, which includes all the needed details. Even the CVV1, the code used to verify that a magstripe is valid, is on the chip (but not the CVV2, which is the 3 digit code printed on the back, used by ecommerce). This was presumably a backwards-compatibility measure, as was magstripe fallback. As shown by countless examples before, such features are frequently the source of security flaws.
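As an added illustration (not the interceptor’s code or anything from the post), the check below decodes a card’s Track 2 Equivalent Data as sent by the chip (EMV tag 57: BCD digits, ‘D’ separator, ‘F’ padding) and the ISO 7813 Track 2 read from the magstripe, and reports field by field whether the magstripe is fully reconstructable from the chip conversation. The layout of the discretionary data (where the CVV1 sits) is issuer-defined, so the comparison is on the whole field; all sample values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Track2:
    """Fields shared by ISO 7813 Track 2 and EMV Track 2 Equivalent Data."""
    pan: str
    expiry: str          # YYMM
    service_code: str    # 3 digits; a leading 2 or 6 marks a chip card
    discretionary: str   # issuer-defined: PVKI, PVV, CVV1 ... live here

def parse_emv_track2_equivalent(tag57_hex: str) -> Track2:
    """Decode EMV tag 57: BCD digits, 'D' as field separator, 'F' padding."""
    nibbles = tag57_hex.upper().rstrip("F")
    pan, sep, rest = nibbles.partition("D")
    if not sep or not pan.isdigit() or len(pan) > 19 or not rest.isdigit():
        raise ValueError("malformed Track 2 Equivalent Data")
    return Track2(pan, rest[:4], rest[4:7], rest[7:])

def parse_magstripe_track2(track: str) -> Track2:
    """Decode ISO 7813 Track 2 as a reader delivers it: ;PAN=YYMMSSS...?"""
    if not (track.startswith(";") and track.endswith("?")):
        raise ValueError("missing Track 2 start/end sentinel")
    pan, sep, rest = track[1:-1].partition("=")
    if not sep or not pan.isdigit() or not rest.isdigit():
        raise ValueError("malformed magstripe Track 2")
    return Track2(pan, rest[:4], rest[4:7], rest[7:])

def audit(tag57_hex: str, track: str) -> dict:
    """Report, field by field, whether the chip data equals the magstripe.
    If every field matches, the CVV1 is necessarily on the chip too and
    the magstripe is fully reconstructable from the chip conversation."""
    chip = parse_emv_track2_equivalent(tag57_hex)
    mag = parse_magstripe_track2(track)
    same = {f: getattr(chip, f) == getattr(mag, f)
            for f in ("pan", "expiry", "service_code", "discretionary")}
    same["magstripe_reconstructable_from_chip"] = all(same.values())
    return same

# Constructed sample values (well-known test PAN, not a real card):
MAG_TRACK2 = ";4111111111111111=0912201101012300?"
# Chip carries the identical fields, as the post reports for the UK cards tested.
CHIP_SAME = "4111111111111111D0912201101012300F"
# Chip carries a chip-specific value in the discretionary data instead, so the
# chip conversation alone would not yield a magstripe that passes CVV1 checks.
CHIP_DISTINCT = "4111111111111111D0912201101099900F"

if __name__ == "__main__":
    print(audit(CHIP_SAME, MAG_TRACK2))
    print(audit(CHIP_DISTINCT, MAG_TRACK2))
```

An issuer or evaluator can run the same comparison over its own card profiles to see which of the two cases it is in.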
Very interesting.
I think that both sides of the debate are being a little disingenuous here.
The ITV news report made no mention of the clone card being magstripe only (E-TopUp cards are) or that the ATM shown would also have to have been reading the magstripe (I have seen press reports of SDA chip cards being allegedly “properly” cloned, i.e. onto a chip, but this is not what was demonstrated here). It is obviously more sensationalist to pretend that Chip&PIN is fundamentally flawed when it is actually the necessary co-existence with magstripe that is the weakness (along with cheapskating on SDA admittedly). The continued existence of “magstripe only” or “magstripe fallback” POS/ATM equipment both here and abroad was always going to be a risk to UK Chip and PIN.
However from a consumer acceptance perspective, it could never have realistically been introduced without this backward compatibility, however problematic that is from a security point of view. What were the UK banks supposed to do? Leave things as they were and not go EMV? Wait for the rest of the world to be ready and switch off magstripe globally on the same day? Let’s be realistic: I hear criticisms of the solution from the security camp but not practicable alternatives………
The “discovery” that PINs are in the clear in SDA card/PED conversations and that magstripe ATMs can be exploited using this data is not news to the industry. Even in retail, let alone banking, anyone doing Chip&PIN certifications spotted this very quickly a very long time ago. The schemes/banks clearly took a calculating decision before launch that the risk of “skimming with PINs” occurring was acceptable given the massive losses without EMV. Their solution was to put the onus on securing the PEDs to prevent PIN capture via intercepting card communication (which of course also conveniently transfers the security cost to the retailer). The fact that the physical security certifications that a PED must pass seem to be worthless (as demonstrated by the Shell case) is the only real implementation issue here. The VISA PED certification (which is one of several the Trintech PED passed to obtain certification) specifies that the unit should not remain operable after physical compromise unless the attackers spend a minimum of $25,000 on an attack mechanism PER TERMINAL compromised!! Maybe the Shell fraudsters spent that but I doubt it…….
The simple fact is that a massive security hole (until the rest of the world / pub ATMs catch up and we can ditch magstripe) in a potentially secure system is better from a bank perspective than a fatally compromised legacy system like magstripe. DDA from the off would have been nice but that would’ve cost the issuers money. They are happy to wait and spend the money now it’s been proved necessary i.e. they wait until SDA exploits become a real world problem and only then spend the money issuing DDA cards. It is no coincidence that UK POS equipment has had to be ready to cope with DDA cards from day one…..
The problem here really is not the vulnerabilities themselves but, as Ross Anderson says, the APACS stance (which they cannot now sustain) that it has been a 100% secure system from day one and the associated immediate liability shift to consumers by issuing member banks (as, historically, they have mostly done with ghost ATM withdrawals). I agree that this is scandalous and unacceptable but it is important not to confuse that with Chip&PIN being a bad idea because it is not. We are simply in an imperfect transition phase away from magstripe and that is unavoidable.
It appears that crooks in France are now cloning cards chip -> chip rather than chip -> magstripe. As they don’t get the MAC key, this means that the clones won’t work in online terminals, but there are enough terminals working offline (e.g. supermarkets) for it to be a worthwhile attack.
The visible effect, from the customer’s viewpoint, is that a stolen card can be used by a thief even if the PIN was not compromised – the thief copies the data to a card whose PIN he knows and uses that. The log shows the PIN verified OK and the bank then blames the customer for negligence. There is evidence that this may now have spread to the UK.
“It appears that crooks in France are now cloning cards chip -> chip rather than chip -> magstripe.”
But this is with SDA, right? (if it’s DDA I suggest we return to livestock bartering immediately).
@TillMonkey
Thanks for your comments.
Yes, I would have preferred more details to have been given, but the programme has to make the material accessible to the general public. One of the motivations behind this post and the associated webpage is to give these details to those who are interested.
Personally I am just happy that there wasn’t anything blatantly incorrect in the programme. Also, I wonder if the producer didn’t want to give away too much information, to defend against accusations of helping the criminals. This was a stated concern for a previous film crew.
Disabling magstripe fallback in UK ATMs would defend against these sorts of attacks. This would shift fraud overseas, but there, detection mechanisms have a better chance. Having different cards or PINs for ATMs, Chip & PIN and use abroad would also improve security. The banks are in a position to fix some of these problems, but while they can push the cost of fraud to victims, nothing is going to change.
DDA will not fix all these problems, though. Relay attacks will still work. I will also be eager to see if a fraudster could cause a terminal to fall back to SDA authentication of cards. We won’t know until the cards come out, but at least in the SDA cards, banks have chosen to sign very few details, leaving open the possibility of attack.
“The log shows the PIN verified OK and the bank then blames the customer for negligence”
The Application Cryptogram shows that the genuine card was not used. The customer is off the hook.
@TillMonkey
I believe that the transaction is using SDA authentication, yes. However, as Anne and Lynn Wheeler point out, I think it is better to consider this an attack on the terminal rather than a weakness of the card.
Even if the UK banks do deploy DDA cards, if the crooks can fool a terminal into falling back to SDA authentication, the “yes card” attack still works. Such subtle bugs have lain undetected in APIs and protocols for years, so we will see how EMV fares.
>The Application Cryptogram shows that the genuine card was
>not used. The customer is off the hook.
Sadly the application cryptogram can only be verified by the bank — it’s symmetric cryptography based and they obviously can’t lend out the key. So this provides no assurance for the customer if it is the bank they are in dispute with — only their adversary can let them off the hook.
I suppose escrow of MAC keys to an independent third party who can adjudicate for customers is a possibility, but seeing as EMV permits issuer-specific algorithms for the MACing (in practice they are nearly all 3DES-CBC-ish) then the escrow would have to be more than just keys, it would have to be code and HSMs etc. as well. Not very practical :-/
I agree with TillMonkey that EMV is not a bad/ineffective protocol. But its incredible flexibility allows you to implement very strong or very weak compliant systems, and also allows it to be used for all sorts of ends, both laudable and nefarious. A real Swiss Army knife?
P.S. While we’re talking about DDA, remember real-time relay attacks are still on the cards.
Sorry, responding to various points from different posts…..
A good idea but it’s back to consumer acceptance I’m afraid: it’s been difficult enough to get people to start using PINs at all. Telling them they also need different ones for the same debit/ATM multifunction card would’ve been a marketing non-starter (and, for good or ill, the marketers will always win…..)
I may be missing a point but wouldn’t a “real world” relay attack just be practically impossible? It sounds like it would actually mean a green plastic “card” covered in soldered contacts with wires leading into the bad guys’ pocket being used at the target POS? I know shop staff have cheerfully watched people signing “Donald Duck” for years but this would require a degree of negligence/collusion that would be impossible to explain away come chargeback time….??
@TillMonkey
There are already contactless smartcards available, so producing a wireless relay is clearly technically feasible. The open question is whether it is possible to make with readily available components. Fabricating a special purpose IC is not inconceivable for crooks (e.g. modchips), but might make this attack uneconomical.
Even if wires are needed, in a previous case I heard of, the crook melted fine wires into the body of a real card. Where the card is not handled by the shop staff, I think the sleight of hand required to pull this off is well below the standard of your average children’s party magician. In some places I have seen, the terminal is on the customer’s side of a screen, making it even easier.
One of the problems with this story and how it has been reported is that it makes blanket statements with regards to the security of POS terminals. This type of attack has been known for some time and in a well designed POS terminal it is rather difficult to insert an interceptor that would not be visible upon examining the terminal (e.g. by a shop keeper).
The majority of POS terminals in use must undergo security evaluations, which look for such vulnerabilities. It would be interesting to determine if these evaluations are effective in weeding out badly designed terminals. The recent Shell case calls this into question as the Trintech terminal was evaluated under Visa PED, ZKA and perhaps “APACS Common Criteria”.
I do however agree that these “issues” are brought to light so that banks cannot claim that chip and pin offers perfect security.
A couple of thoughts from me…
Steven, I think forcing multiple PINs is probably untenable long term. Basically, at the end of the day, when you consider going across totally heterogeneous systems operated by different parties, there’s no way you can enforce that people use different passwords for each. So why try to have it in banking? It’s a battle you can’t win long term. When Mastercard CAP comes for internet banking, it would be really nice to have a different PIN for that as for POS payment, to get separation between the systems, but then that’s a third contender…
With regards to the relay attack, TillMonkey and Jon discuss whether various foreign devices inserted into POS terminals are concealable or practical.
We must consider here, first and foremost the incentives of the involved parties to detect such devices, their possible tacit and explicit collusion, and what rewards or benefits there might be from them doing their part. The standard of concealment actually attainable I believe is a second priority, and I think this is a question where many of us can do little more than speculate.
Steven’s analogy of the children’s magician is maybe a little tame… magicians may be great at making rabbits appear from inside their coats, but a more relevant sleight of hand is that of the shoplifter, who does the same sort of trick, except in reverse.
I think that the relay attack is doable, it will end up as a real threat; it is the attachable interceptor that we prototyped that will have the limited lifespan. It may well work for a while, but once DDA cards come in and the PIN goes in encrypted form, it will no longer become an economical attack method. By this I don’t mean that POS attacks will stop, just that this specific POS attack vector will become obsolete. Then it will probably be cheaper to use whole counterfeit terminals, maybe. Or maybe go back to double-swiping and hidden camera… after all, that’s proven technology.
Jon, I think this shows that security evaluation standards are an imperfect tool. Standards have so many problems, especially when many players only buy kit that conforms to a standard because of regulatory body requirements, or suchlike. I have never gone out to buy a fluffy toy for my kid and looked for the “CE” mark on the bottom; the presence of such a mark only comes into play when things go wrong and it’s litigation time. It’s such a complicated multi-way relationship between POS terminal manufacturers, till software integrators, merchants, acquiring banks and issuing banks that it’s very difficult to tell who relies upon a security evaluation, who commissioned the evaluation, and who wrote the standard. The chances of the economic incentives of all these parties being properly aligned are slim, I guess, so problems persist.
Not exactly “adversary”.
The AC is verified by the issuer bank, whereas the money is claimed by the acquirer bank.
Even when it is the same bank, I find it hard to believe they would actually cheat.
Anyhow, offline transactions are decreasing in number and are in any case limited to relatively small amounts. I consider SDA and DDA marginal. Communications are nowadays available, cheap and fast. Go online.
JR,
>Not exactly “adversary”.
Don’t get me wrong, I’m not saying the default relationship between customer and bank is adversarial. But if you happen to be in dispute, an assumption I explicitly made in the post, I would say that this is by its very nature an adversarial relationship.
>I consider SDA and DDA marginal. Communications are
>nowadays available, cheap and fast. Go online.
Yes I agree that in today’s connected world offline should become less and less common. But I think security for offline operation will remain important even if it becomes a rare occurrence, because despite the good connectivity of today, guarantees of availability are hard to come by.
Suppose the authorisation requests from a big department store are routed via the internet to the acquirer (through all sorts of encrypted tunnels and VPNs). Now imagine a DDoS attack gets aimed at their gateway, and they lose their connectivity. That afternoon, a troop of crims with SDA ‘Yes cards’ go in and start ripping the place off. The store would lose even more business if it shut, so it daren’t do that.
Now in that situation there is a clear advantage to DDA. Not saying this is an imminent mode of attack, but just that there is a difference between having connectivity to improve security and assuming connectivity to improve security.
Mike.
“Communications are nowadays available, cheap and fast”
Agreed but they are also, crucially, not very reliable unless you pay heavily for it; which retailers are always reluctant to do (especially given the fact that the cost is multiplied by the number of stores they operate)
Add to that the stores which will inevitably be too far away from the exchange for even cheap xDSL connectivity (petrol stations, ironically enough, are the classic example here) and, as Mike says, it becomes very difficult to assume “online” as the default scenario.
“Even the CVV1, the code used to verify that a magstripe is valid, is on the chip (but not the CVV2, which is the 3 digit code printed on the back, used by ecommerce).”
This is not the case. The CVV on the chip should be CVV3 which is rather different from CVV1.
In fact, this is the protection that should be in place in order to prevent one from getting to know the magstripe data (including CVV) just by listening to the communication between the terminal and the chip.
@Boris
Perhaps it should be, but that is not what the banks in the UK have done. All the cards we have looked at use the same CVV on the magstripe as they do in the “Track 2 equivalent data” field on the chip.
The card which the ITV team successfully used to withdraw money had a magstripe generated from the original card’s chip data.
Which banks have you found whose cards have a different CVV on the chip?