Chip and SKIM: How dodgy crypto can leave shoppers open to fraud
Cambridge uni gurus to present debit, credit PIN card findings today in San Jose
UK academics today describe how criminals can forge chip-and-PIN card transactions and spend other people's money for free.
The team of University of Cambridge experts say their technique exploits a cryptographic weakness in some devices implementing the EMV (aka chip'n'PIN) standard. And they're confident they've found a separate flaw in the EMV design, too.
Fraudsters leveraging the revealed vulnerabilities can use a victim's card without knowing the PIN to make purchases that look entirely genuine – which will make life difficult for the victim when he or she tries to persuade the bank to reverse the fraudulent transactions.
"Because the transactions look legitimate, banks may refuse to refund victims of fraud," warned team member Steven J. Murdoch.
The research, titled Chip and Skim: cloning EMV cards with the pre-play attack [PDF], was drawn up by Murdoch, Mike Bond, Omar Choudary, Sergei Skorobogatov and Professor Ross Anderson, all from the University of Cambridge's Computer Laboratory.
Their work is due to be presented at the 2014 IEEE Symposium on Security and Privacy in San Jose, California, today.
As per the EMV standard, cash machines (ATMs) generate for each transaction a nonce – a supposedly unpredictable 32-bit number. This is supposed to add freshness to ensure transactions can't be replayed by fraudsters.
But it turns out some EMV terminals use counters, timestamps or crap homegrown algorithms to generate the nonces. These values are not particularly random, so this exposes victims to a “pre-play” attack that is indistinguishable in the bank's records from using a perfect physical copy of the card.
In practice, authentication data and the nonce exchanged between the card and a compromised ATM are harvested by crooks, and then successfully replayed to another cash machine: if that other machine's nonce is predictable, then, voila, you can dig into someone else's card account.
The second issue stems from a protocol design flaw: an attacker runs malware on a cash machine to intercept an authentication code sent from the victim's card to the ATM for a given ATM-generated nonce value; the attacker, in a separate transaction, replays that auth code to a second terminal regardless of the second terminal's generated nonce; finally, the attacker intercepts the second terminal's communication with the bank and alters the nonce to the original one, so the second transaction suddenly looks legit when it arrives at the bank.
The Camby team explained in a summary ahead of their presentation:
When a Chip and PIN transaction is performed, the terminal requests that the card produces an authentication code for the transaction. Part of this transaction is a number that is supposed to be random, so as to stop an authentication code being generated in advance. However, there are two ways in which the protection can by bypassed: the first requires that the Chip and PIN terminal has a poorly designed random generation (which we have observed in the wild); the second requires that the Chip and PIN terminal or its communications back to the bank can be tampered with (which again, we have observed in the wild).
To carry out the attack, the criminal arranges that the targeted terminal will generate a particular “random” number in the future (either by predicting which number will be generated by a poorly designed random number generator, by tampering with the random number generator, or by tampering with the random number sent to the bank). Then the criminal gains temporary access to the card (for example by tampering with a Chip and PIN terminal) and requests authentication codes corresponding to the “random” number(s) that will later occur. Finally, the attacker loads the authentication codes on to the clone card, and uses this card in the targeted terminal. Because the authentication codes that the clone card provides match those which the real card would have provided, the bank cannot distinguish between the clone card and the real one.
In the aftermath of the US retail chain Target's massive breach of shopping till security, banks in the US – which have lagged behind in chip and PIN deployment – have accelerated their efforts to roll out chip-and-PIN-capable cards to their customers.
The research by the Cambridge team, which has in past years produced pioneering research in the security of payment cards, shows the system "still has serious vulnerabilities, which might leave customers at risk of fraud".
Previous studies have shown that cards can be used without knowing the correct PIN, and that card details can be intercepted as a result of flawed tamper-protection.
The team's latest research goes on to suggests how bank procedures could be improved to detect whether this attack has occurred as well as proposing more improvements to the EMV system.
Work has started on mitigating one of the vulnerabilities identified by Murdoch and his colleagues; they notified the banks about a year ago. The certification requirements for random-number generators in EMV terminals have been improved, although old kit may still be vulnerable.
In a statement, the UK Cards Association acknowledged there was an issue, while playing down its significance by stating that it hadn't been abused to actually commit fraud.
While Cambridge scientists have identified a theoretically potential, but technically complicated, type of card fraud, there is absolutely no evidence of this being undertaken in the real world.
However, the industry takes any potential security attack very seriously, even when the probability of it happening is extremely small. When this issue was first raised, the industry undertook immediate steps to confirm that the security of our cards and cash machines was robust. In the highly unlikely event that a customer is the innocent victim of this, or any other less sophisticated card fraud, there is strong legal protection in place to ensure that they do not suffer any financial loss.