During my MPhil within the Computer Lab (supervised by Markus Kuhn) I developed a card-sized device (named Smart Card Detective – in short SCD) that can monitor Chip and PIN transactions. The main goal of the SCD was to offer a trusted display for anyone using credit cards, to avoid scams such as tampered terminals which show an amount on their screen but debit the card another (see this paper by Saar Drimer and Steven Murdoch). However, the final result is a more general device, which can be used to analyse and modify any part of an EMV (protocol used by Chip and PIN cards) transaction.
Using the SCD we have successfully shown how the relay attack can be mitigated by showing the real amount on the trusted display. Even more, we have tested the No PIN vulnerability (see the paper by Murdoch et al.) with the SCD. A reportage on this has been shown on Canal+ (video now available here).
After the “Chip and PIN is broken” paper was published some contra arguments referred to the difficulty of setting up the attack. The SCD can also show that such assumptions are many times incorrect.
More details on the SCD are on my MPhil thesis available here. Also important, the software is open source and along with the hardware schematics can be found in the project’s page. The aim of this is to make the SCD a useful tool for EMV research, so that other problems can be found and fixed.
Thanks to Saar Drimer, Mike Bond, Steven Murdoch and Sergei Skorobogatov for the help in this project. Also thanks to Frank Stajano and Ross Anderson for suggestions on the project.
Why has Ross Anderson got such a chip and pin on his shoulder?
Maybe becuase it doesn’t work porperly. There isn’t the need for a PIN either. The problem is that the (particularly public e.g. this website) internet, ATM’s, and other stuff has evolved whereas security and authentication between electrnic devices has not. It (probably) never will evolve enough to be secure. No system is ever 100% secure – Matthew Broderick as David Lightman in War Games 1983.
thanks !
After the “Chip and PIN is broken” paper was published some contra arguments referred to the difficulty of setting up the attack. The SCD can also show that such assumptions are many times incorrect.
Omar, great work. Congratulations to yourself and Prof Anderson. I pray that your PhD research will be equally valuable.
Could you and Prof Anderson please help us? We have a squash club here in Heilbron, South Africa and we use magnetic cards to pay for the lights. We (the Squash Club) buys the cards from a company in Johannesburg but they charge an inordinate fee. We would like to recover the used cards and reprogram them for resale to the members.
Could you advise us where to access readers and programmers. We appreciate that this same equipment is used for fraud and thus we cannot access it – although our intentions are honourable – ie to save the club some money.
Thank you,
Jan Jooste
Am i imaging thing or did that atm at 00.5 in the french doc have a skimmer on it? Adaptation of the headphone socket as a camera for the pin, with the added card bezel, is very popular at the moment.
Pin recovery in South Africa, yeh, really!!!
Awesome work — congratulations and best wishes for your future!
Let’s hope that the UK authorities are kinder then the French ones. According to Serge Humpich, he was sent to prison for cracking the old French chip and pin system and obtaining a couple of metro tickets to prove the concept.