This evening (Monday 26th October 2009, at 19:30 UTC), BBC Inside Out will show Saar Drimer and me demonstrating how the smart card readers being issued in the UK to authenticate online banking transactions can be circumvented. The programme will be broadcast on BBC One, but only in the East of England and Cambridgeshire; it should, however, also be available on iPlayer.
In this programme, we demonstrate how a tampered Chip & PIN terminal could collect an authentication code for Barclays online banking, while a customer thinks they are buying a sandwich. The criminal could then, at their leisure, use this code and the customer’s membership number to fraudulently transfer up to £10,000.
Similar attacks are possible against all other banks which use the card readers (known as CAP devices) for online banking. We think that this type of scenario is particularly practical in targeted attacks, and that it circumvents any anti-malware protection on the customer's PC, since the tampering is in the payment terminal rather than in the computer; but criminals have already been seen using banking trojans to attack CAP on a wide scale.
Further information can be found on the BBC online feature, and our research summary. We have also published an academic paper on the topic, which was presented at Financial Cryptography 2009.
Update (2009-10-27): The full programme is now on BBC iPlayer for the next 6 days, and the segment can also be found on YouTube.
Steven,
You may wish to amend the article as the date appears to be incorrect. I’ll be watching this tonight with great interest.
Regards
Dan Willis
@Daniel
Oops, now corrected; thanks for pointing this out. The programme airs today, Monday 26th October.
The full programme is now on BBC iPlayer for the next 7 days, and a clip is also on YouTube.
Okay, watched the feature – still slightly unsure (it doesn’t help that I don’t bank with Barclays). You can capture the PIN with a modified terminal (fine), you can capture the challenge / response (fine) and you can arrange it that the fixed part of the challenge can be identical to that of an account you own (same account or just last 4 digits the same). The latter, of course, assuming that the SDA chap cycle is identical to the CAP chap cycle.
So, login? CAP for login with Barclays? Okay – why is the SDA response the same as the CAP response? Major design flaw? Membership number and surname, I’ll grant you.
Then, once you want to set up the payment mandate, what do you do about the dynamic part of the challenge? Or is this another major design flaw? Replay attacks are a basic part of the security threat model.
Confused? I am.
Okay, sorry, read the academic paper. No salt. Bad Barclays, naughty Barclays.
@Matthew
I see you worked it out but, for the benefit of other readers, I’ll explain.
The modified terminal doesn’t capture the PIN, it just impersonates a CAP reader and requests authentication codes from the card. Since the card doesn’t have a display, the customer can’t tell this is what is going on, and thinks it is just a normal point of sale transaction.
Two codes were requested — one for login (identify mode) and one to do a transfer (sign mode). In neither of these does the bank provide a nonce. That means the response we get is valid until the legitimate customer logs into online banking. The crook can then use these codes to perform a fraudulent transfer.
We could have done a similar attack against NatWest/RBS, but it would have simply been harder to film. Since NatWest use respond mode, with a four digit nonce, the transaction would need to happen at the same time as the customer uses the tampered terminal.
To keep the customer comfortable, we wanted her to be present when we accessed her account (she was behind the camera, just out of shot). If we did a real time attack, this would be hard. We’d also need two cameras to keep things honest, and it would be a bit stressful to set everything up to work smoothly.
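The replay described in the post and in the reply above, written out as an added example; this is a constructed toy model, not code from the paper, the programme or any bank. A real CAP code is an EMV cryptogram (a 3DES MAC over the transaction data and the card's application transaction counter, truncated to decimal digits); here HMAC-SHA256 stands in for it, and the bank's acceptance window on the counter (ATC_WINDOW) and the class and function names are all assumptions. The first scenario models identify and sign modes with no bank nonce: the tampered terminal harvests both codes at the sandwich counter, they are accepted later, and they stop working once the genuine customer's next login moves the counter past them. The second models respond mode with a four-digit bank nonce, where a harvested code is useless and the crook would have to relay the bank's nonce to the card in real time.

```python
import hmac
import hashlib
import secrets

CODE_DIGITS = 8
ATC_WINDOW = 10   # assumption: how far ahead of the last-seen ATC the bank will search


def cap_code(key: bytes, mode: str, challenge: str, atc: int) -> str:
    """Code the card emits for (mode, challenge) at transaction counter atc.
    HMAC-SHA256 stands in for the EMV cryptogram a real card would compute."""
    msg = f"{mode}|{challenge}|{atc}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS).zfill(CODE_DIGITS)


class Card:
    """Simulated CAP card: a key shared with the bank and a counter that only goes up."""
    def __init__(self, key: bytes):
        self.key = key
        self.atc = 0

    def respond(self, mode: str, challenge: str = "") -> str:
        self.atc += 1            # every request, honest or not, consumes a counter value
        return cap_code(self.key, mode, challenge, self.atc)


class Bank:
    """Verifier: tracks the last ATC accepted per card and, for respond mode, a pending nonce."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_atc = 0
        self.pending_nonce = None

    def _check(self, mode: str, challenge: str, code: str) -> bool:
        # Search forward from the last ATC accepted; on a match, advance past it.
        for atc in range(self.last_atc + 1, self.last_atc + 1 + ATC_WINDOW):
            if hmac.compare_digest(cap_code(self.key, mode, challenge, atc), code):
                self.last_atc = atc
                return True
        return False

    def login_identify(self, code: str) -> bool:
        return self._check("identify", "", code)          # no nonce at all

    def transfer_sign(self, dest: str, amount: str, code: str) -> bool:
        return self._check("sign", f"{dest}:{amount}", code)   # signs data the terminal chose

    def issue_nonce(self) -> str:
        self.pending_nonce = f"{secrets.randbelow(10_000):04d}"   # bank-chosen 4-digit nonce
        return self.pending_nonce

    def login_respond(self, code: str) -> bool:
        nonce, self.pending_nonce = self.pending_nonce, None      # single use
        return nonce is not None and self._check("respond", nonce, code)


def replay_attack_no_nonce():
    """Identify/sign mode without a nonce: harvested codes replay until the customer logs in."""
    key = secrets.token_bytes(16)
    card, bank = Card(key), Bank(key)
    # At the sandwich counter the tampered terminal silently asks the card for two codes,
    # choosing the destination and amount itself (constructed values).
    login_code = card.respond("identify")
    sign_code = card.respond("sign", "CROOK_ACCT:10000")
    # Later, from his own machine, the crook replays both.
    got_in = bank.login_identify(login_code)
    moved_money = bank.transfer_sign("CROOK_ACCT", "10000", sign_code)
    # The genuine customer's next login advances the bank's ATC past the harvested codes.
    bank.login_identify(card.respond("identify"))
    stale_login = bank.login_identify(login_code)
    return got_in, moved_money, stale_login


def replay_attack_with_nonce():
    """Respond mode: a harvested code is useless unless the bank's nonce was relayed live."""
    key = secrets.token_bytes(16)
    card, bank = Card(key), Bank(key)
    # Offline harvest: the terminal must feed the card a challenge of its own, which is
    # (modelled here as) not the one the bank later picks for the crook's login.
    bank_nonce = bank.issue_nonce()
    terminal_guess = f"{(int(bank_nonce) + 1) % 10_000:04d}"
    harvested = card.respond("respond", terminal_guess)
    offline_ok = bank.login_respond(harvested)
    # Real-time relay: the crook starts the login while the card is still in the terminal
    # and passes the bank's fresh nonce through to it.
    live = card.respond("respond", bank.issue_nonce())
    live_ok = bank.login_respond(live)
    return offline_ok, live_ok
```

The forward search in `_check` is what makes the harvested codes expire: the bank never accepts a counter value at or below the last one it saw, so any code minted before the customer's own next login is dead afterwards. It is also why the real-time variant against respond mode needs the crook online at the moment the card is in the tampered terminal, as the reply above says.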
You’re all Luddites – this was solved ~25 years ago.
http://www.atariarchives.org/deli/home_banking.php
Buy me a sandwich. Buy it yourself – I’ve no cash and only my C&P card on me.
http://xkcd.com/149/
Are any of you going to the Institute of Advanced Legal Studies (IALS) lecture on
“PINs, ATMs and Liability”
Given by Stephen Mason (Barrister and Associate Research Fellow) on the 04 November (18:00 – 19:00) at,
Institute of Advanced Legal Studies
Charles Clore House
17 Russell Square
London WC1B 5DR.
It’s free, to register go to,
http://www.sas.ac.uk/events/view/6706
I might see you there.
Have you also found anything about SAFECART or PAYPAL?