Cambridge boffins: Chip and PIN cards CAN be cloned – here's how

Chip and skim

Boffins at Cambridge University have uncovered shortcomings in ATM security that might be abused to create a mechanism to clone chip-and-PIN cards.

The security shortcoming might already be known to criminals and offers a possible explanation for some otherwise baffling "phantom" withdrawal cases.

Each time a consumer uses their chip-and-PIN card, a unique "unpredictable number" is created to authenticate the transaction. Mike Bond, a research associate at the University of Cambridge Computer Lab, explains that elements of these "unique" transaction authentication numbers appear to be predictable.

The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol – creates a means to predict that authentication code (the "unpredictable" number).

For example, if a crook had access to several other authentication codes generated by a particular card (in their paper, Bond and his associates posit a scenario where a programmer is sitting behind the till at a mafia-owned shop), it would be possible for the miscreant to extract sensitive data from a chip-and-PIN card, allowing the compromised smart card to be cloned. Bond explains further in a blog post (extract below).

An EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip. It’s called a “pre-play” attack. Just like most vulnerabilities we find these days, some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.

The security weakness might also be used (with somewhat greater difficulty) to run man-in-the-middle attacks, or it might be used in conjunction with malware on an ATM or point-of-sale terminal, Bond adds.

Bond discovered the security shortcoming almost by accident, while studying a list of disputed ATM withdrawals relating to someone who had their wallet stolen in Mallorca, Spain. The consumer's card was subsequently used to make five withdrawals, totaling €1,350, over the course of just an hour.

While studying the EMV unpredictable numbers for each transaction, Bond realised that the numbers shared 17 bits in common, while the remaining 15 bits appeared to be some sort of counter rather than a random number.

In the course of their research, the Cambridge boffins examined data from previous disputed ATM transactions as well as fresh data from ATMs and retail chip-and-PIN terminals – altogether 1,000 transactions at 20 different ATMs and POS terminals. This ongoing research has already "established non-uniformity of unpredictable numbers in half of the ATMs we have looked at," according to the researchers.

'We've never claimed chip-and-PIN is 100 per cent secure'

The idea that debit and credit cards fitted with supposedly tamper-proof chips might be vulnerable to a form of cloning sits awkwardly with assurances from the banking sector that the technology is highly reliable, if not foolproof.

In a statement, the UK's Financial Fraud Action told El Reg:

We've never claimed that chip and PIN is 100 per cent secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud. What we know is that there is absolutely no evidence of this complicated fraud being undertaken in the real world. It is a complicated attack. It requires considerable effort to set up and involves a series of co-ordinated activities, each of which carries a certain risk of detection and failure for the fraudster. All these features are likely to make it less attractive to a criminal than other types of fraud.

We are confident that banks are refunding customers and upholding the law - this clearly states that the innocent victim of fraud should have their money reimbursed promptly.

Bond and his colleagues were due to present a paper (PDF) based on their research at the Cryptographic Hardware and Embedded Systems (CHES) 2012 conference in Leuven, Belgium this week. The paper explains how the cryptographic howler might be exploited in practice.

Many ATMs and point-of-sale terminals have seriously defective random number generators. These are often just counters, and in fact the EMV specification encourages this by requiring only that four successive values of a terminal’s “unpredictable number” have to be different for it to pass conformance testing. The result is that a crook with transient access to a payment card (such as the programmer of a terminal in a Mafia-owned shop) can harvest authentication codes which enable a “clone” of the card to be used later in ATMs and elsewhere.
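The two findings above – a UN with 17 constant bits and a 15-bit counter, and a conformance test that only demands four successive values differ – can be reproduced as an audit a bank or acquirer could run over a terminal's UN log. This is an added example, not the Cambridge team's code; the generator models, the 32-bit width and the sample values are constructed here.

```python
"""Audit a capture of EMV "unpredictable numbers" (UNs) for predictability.

Constructed example, not the Cambridge team's code.  Models (1) the weak
conformance requirement the article cites (four successive values must differ)
and (2) a defender's audit for fixed bits and counter-like behaviour."""
import secrets
from dataclasses import dataclass

UN_BITS = 32
MASK = (1 << UN_BITS) - 1

def weak_counter_un_generator(prefix: int, start: int):
    """Model of the defective generator the article describes (constructed):
    17 fixed high bits followed by a 15-bit counter."""
    counter = start
    while True:
        yield ((prefix & 0x1FFFF) << 15) | (counter & 0x7FFF)
        counter += 1

def strong_un_samples(n: int) -> list[int]:
    """What a correct terminal should emit: CSPRNG output (constructed)."""
    return [secrets.randbits(UN_BITS) for _ in range(n)]

def passes_emv_conformance(uns: list[int]) -> bool:
    """The only property the article says conformance testing demands:
    any four successive UNs are pairwise distinct.  A counter passes."""
    return all(len(set(uns[i:i + 4])) == 4 for i in range(len(uns) - 3))

@dataclass
class UnAudit:
    fixed_bit_count: int  # bit positions identical in every sample
    fixed_mask: int       # which positions those are
    counter_like: bool    # the varying part advances by one constant step

def audit_unpredictable_numbers(uns: list[int]) -> UnAudit:
    """Defender's check over observed UNs, in capture order."""
    if len(uns) < 2:
        raise ValueError("need at least two samples")
    all_ones, all_zeros = MASK, MASK
    for u in uns:
        all_ones &= u
        all_zeros &= ~u & MASK
    fixed_mask = all_ones | all_zeros
    varying = MASK & ~fixed_mask
    # If the varying bits form one contiguous low field, take deltas modulo its
    # size so a counter that wraps still shows a single constant step.
    modulus = varying + 1 if (varying & (varying + 1)) == 0 else 1 << UN_BITS
    field = [u & varying for u in uns]
    deltas = {(b - a) % modulus for a, b in zip(field, field[1:])}
    return UnAudit(bin(fixed_mask).count("1"), fixed_mask, len(deltas) == 1 and deltas != {0})
```

Run against 1,000 UNs from the counter model, the audit reports 17 fixed bits and a constant step of one, yet the same sequence passes the four-successive-values check; CSPRNG output reports no fixed bits and no constant step.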

More commentary on the information security aspects of the potential payment card weakness identified by the Cambridge boffins can be found in a blog post by Sophos here. ®

Bootnote

*EMV, also known as “Chip-and-PIN”, is used in debit and credit cards issued throughout Europe and much of Asia. The technology is also beginning to be introduced in North America. The Cambridge team estimates 1.34 billion cards issued worldwide already rely on the technology, which is primarily designed to prevent card cloning, relatively straightforward with previous magnetic-strip cards.

EMV stands for Europay, MasterCard and Visa - the three backers of the technology.
