Feeds

Cambridge boffins: Chip and PIN cards CAN be cloned – here's how

Chip and skim

The Power of One eBook: Top reasons to choose HP BladeSystem

Boffins at Cambridge University have uncovered shortcomings in ATM security that might be abused to create a mechanism to clone chip-and-PIN cards.

The security shortcoming might already be known to criminals and creates an explanation for what might have happened in some, otherwise baffling, "phantom" withdrawal cases.

Each time a consumer uses their chip-and-PIN card, a unique "unpredictable number" is created to authenticate the transaction. Mike Bond, a research associate at the University of Cambridge Computer Lab, explains that elements of these "unique" transaction authentication numbers appear to be predictable.

The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol – creates a means to predict that authentication code (the "unpredictable" number).

For example, if a crook had access several other authentication codes generated by the particular card (in their paper, Bond and his associates posit a scenario where a programmer is sitting behind the till at a mafia-owned shop), it would be possible for the miscreant to extract sensitive data off a chip-and-PIN cards, thus allowing the compromised smart card to be cloned. Bond explains further in a blog post (extract below).

An EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip. It’s called a “pre-play” attack. Just like most vulnerabilities we find these days some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.

The security weakness might also be used (with somewhat greater difficulty) to run man-in-the-midddle attacks or they might be used in conjunction with malware on an ATM or Point of Sale terminal, Bond adds.

Bond discovered the security shortcoming almost by accident, while studying a list of disputed ATM withdrawals relating to someone who had their wallet stolen in Mallorca, Spain. The consumer's card was subsequently used to make five withdrawals, totaling €1,350, over the course of just an hour.

While studying EMV numbers for each transaction, Bond realised that the numbers shared 17 bits in common while the remaining 15 digits appeared to be some sort of counter, rather than a random number.

In the course of their research, the Cambridge boffins examined data from previous disputed ATM transactions as well as fresh data from ATM machines and retail Chip-and-PIN terminals – altogether 1,000 transactions at 20 different ATMs and POS terminals. This ongoing research has already "established non-uniformity of unpredictable numbers in half of the ATMs we have looked at," according to the researchers.

'We've never claimed chip-and-PIN is 100 per cent secure'

The idea that debit and credit cards fitted with supposedly tamper-proof chips might be vulnerable to a form of cloning sits awkwardly with assurances from the banking sector that the technology is highly reliable, if not foolproof.

In a statement, the UK's Financial Fraud Action told El Reg:

We've never claimed that chip and PIN is 100 per cent secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud. What we know is that there is absolutely no evidence of this complicated fraud being undertaken in the real world. It is a complicated attack. It requires considerable effort to set up and involves a series of co-ordinated activities, each of which carries a certain risk of detection and failure for the fraudster. All these features are likely to make it less attractive to a criminal than other types of fraud.

We are confident that banks are refunding customers and upholding the law - this clearly states that the innocent victim of fraud should have their money reimbursed promptly.

Bond and his colleagues were due to present a paper (PDF) based on their research at the Cryptographic Hardware and Embedded System (CHES) 2012 conference in Leuven, Belgium this week. The paper explains how the cryptographic howler might be exploited in practice.

Many ATMs and point-of-sale terminals have seriously defective random number generators. These are often just counters, and in fact the EMV specification encourages this by requiring only that four successive values of a terminal’s “unpredictable number” have to be different for it to pass conformance testing. The result is that a crook with transient access to a payment card (such as the programmer of a terminal in a Mafia-owned shop) can harvest authentication codes which enable a “clone” of the card to be used later in ATMs and elsewhere.

More commentary on the information security aspects on the potential plastic card security weakness identified by the Cambridge boffins can be found in a blog post by Sophos here. ®

Bootnote

*EMV, also known as “Chip-and-PIN”, is used in debit and credit cards issued throughout Europe and much of Asia. The technology is also beginning to be introduced in North America. The Cambridge team estimates 1.34 billion cards issued worldwide already rely on the technology, which is primarily designed to prevent card cloning, relatively straightforward with previous magnetic-strip cards.

EMV stands for Europay, MasterCard and Visa - the three backers of the technology.

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.