Feeds

Cambridge boffins: Chip and PIN cards CAN be cloned – here's how

Chip and skim

Top 5 reasons to deploy VMware with Tegile

Boffins at Cambridge University have uncovered shortcomings in ATM security that might be abused to create a mechanism to clone chip-and-PIN cards.

The security shortcoming might already be known to criminals and creates an explanation for what might have happened in some, otherwise baffling, "phantom" withdrawal cases.

Each time a consumer uses their chip-and-PIN card, a unique "unpredictable number" is created to authenticate the transaction. Mike Bond, a research associate at the University of Cambridge Computer Lab, explains that elements of these "unique" transaction authentication numbers appear to be predictable.

The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol – creates a means to predict that authentication code (the "unpredictable" number).

For example, if a crook had access several other authentication codes generated by the particular card (in their paper, Bond and his associates posit a scenario where a programmer is sitting behind the till at a mafia-owned shop), it would be possible for the miscreant to extract sensitive data off a chip-and-PIN cards, thus allowing the compromised smart card to be cloned. Bond explains further in a blog post (extract below).

An EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip. It’s called a “pre-play” attack. Just like most vulnerabilities we find these days some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.

The security weakness might also be used (with somewhat greater difficulty) to run man-in-the-midddle attacks or they might be used in conjunction with malware on an ATM or Point of Sale terminal, Bond adds.

Bond discovered the security shortcoming almost by accident, while studying a list of disputed ATM withdrawals relating to someone who had their wallet stolen in Mallorca, Spain. The consumer's card was subsequently used to make five withdrawals, totaling €1,350, over the course of just an hour.

While studying EMV numbers for each transaction, Bond realised that the numbers shared 17 bits in common while the remaining 15 digits appeared to be some sort of counter, rather than a random number.

In the course of their research, the Cambridge boffins examined data from previous disputed ATM transactions as well as fresh data from ATM machines and retail Chip-and-PIN terminals – altogether 1,000 transactions at 20 different ATMs and POS terminals. This ongoing research has already "established non-uniformity of unpredictable numbers in half of the ATMs we have looked at," according to the researchers.

'We've never claimed chip-and-PIN is 100 per cent secure'

The idea that debit and credit cards fitted with supposedly tamper-proof chips might be vulnerable to a form of cloning sits awkwardly with assurances from the banking sector that the technology is highly reliable, if not foolproof.

In a statement, the UK's Financial Fraud Action told El Reg:

We've never claimed that chip and PIN is 100 per cent secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud. What we know is that there is absolutely no evidence of this complicated fraud being undertaken in the real world. It is a complicated attack. It requires considerable effort to set up and involves a series of co-ordinated activities, each of which carries a certain risk of detection and failure for the fraudster. All these features are likely to make it less attractive to a criminal than other types of fraud.

We are confident that banks are refunding customers and upholding the law - this clearly states that the innocent victim of fraud should have their money reimbursed promptly.

Bond and his colleagues were due to present a paper (PDF) based on their research at the Cryptographic Hardware and Embedded System (CHES) 2012 conference in Leuven, Belgium this week. The paper explains how the cryptographic howler might be exploited in practice.

Many ATMs and point-of-sale terminals have seriously defective random number generators. These are often just counters, and in fact the EMV specification encourages this by requiring only that four successive values of a terminal’s “unpredictable number” have to be different for it to pass conformance testing. The result is that a crook with transient access to a payment card (such as the programmer of a terminal in a Mafia-owned shop) can harvest authentication codes which enable a “clone” of the card to be used later in ATMs and elsewhere.

More commentary on the information security aspects on the potential plastic card security weakness identified by the Cambridge boffins can be found in a blog post by Sophos here. ®

Bootnote

*EMV, also known as “Chip-and-PIN”, is used in debit and credit cards issued throughout Europe and much of Asia. The technology is also beginning to be introduced in North America. The Cambridge team estimates 1.34 billion cards issued worldwide already rely on the technology, which is primarily designed to prevent card cloning, relatively straightforward with previous magnetic-strip cards.

EMV stands for Europay, MasterCard and Visa - the three backers of the technology.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.