European Credit and Debit Card Security Broken 245
Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
Re:Chip and Chip security... wait a second! (Score:3, Informative)
Re:Chip and Chip security... wait a second! (Score:4, Informative)
RTFA. The problem isn't that the PIN is "stored on the card", it's that the card doesn't send any unique data to the terminal when the correct PIN is entered, it just sends a "Correct PIN was entered" message instead.
So, you stick something between the card and the terminal (the laptop) that intercepts the "Wrong PIN was entered" message from the card and forwards a "Correct PIN was entered" message to the terminal instead.
TBH I'm rather surprised that any information is allowed to be pulled off the chip without the PIN authenticating the user first; if you had to provide the correct PIN before the card would provide any information it would make it much harder to carry out the fraudulent transaction.
Not News (Score:4, Informative)
This is not news.
This is the way the system was designed.
It was designed to be shitty and insecure so fraud could continue.
It was sold as being highly secure in order to get them into widespread use and to get the laws set up to remove all liability from the banks as long as the system says the card is good.
The banks profit off of fraud.
This is all intentional, and it has been going on in criminal circles with these cards before day one. The only difference now is that some group has publicly revealed the sordid details.
Re:Chip and Chip security... wait a second! (Score:2, Informative)
Three words: Public Key Encryption.
Re:RFID passports (Score:5, Informative)
Only because America decided they wouldn't let any of us into the country if we didn't implement RFID passports.
Re:Chip and Chip security... wait a second! (Score:5, Informative)
No. The problem is that the terminal isn't validating the PIN against anything it can trust... it's sending the entered PIN to the card and trusting the result returned, which can easily be spoofed. If the PIN was server-side, it could trust a results-only message... but that's not what's happening here.
Re:Chip and Chip security... wait a second! (Score:4, Informative)
Replying to myself, if you read the PDF it details the process on page 3; the card actually does almost all of the transaction work before the PIN is entered, all the PIN enables is the "Is this transaction allowed? Yes, it's allowed. OK" part of the process.
Canada too? (Score:2, Informative)
I work in the fraud department of a UK bank (Score:5, Informative)
and this actually happens quite a bit, we usually pay out unless
it matches the customers spending pattern,
they tell us they kept the pin with the card,
a family member was doing it.
Re:We Already Know This (Score:3, Informative)
I have encountered credit card fraud quite a few times - maybe 7-10 times in the last 10 years or so. Everything from having a card stolen to the number being used fraudulently by someone online.
I have never experienced, nor has anyone I have ever encountered, any penalty at all. The $50 limit is an upper limit, apparently if the credit card issuer seems to think you are somehow complicit in the fraud. I've never had anything happen other than simply having the charges removed from the account. And getting a new number and card.
Now for the merchant that took the card, they get to eat the entire cost. Plus a chargeback from their processor. Hope they have insurance, like all the large merchants have.
This combination of cardholders not being penalized and large merchants having insurance is why the current rampant fraud situation and stolen credit card number market is how it is. You can make hundreds of dollars by selling credit card numbers and other information, and plenty of folks do just that. It's extra money. You didn't really think the waitress was getting by on just tips, did you?
Re:We Already Know This (Score:5, Informative)
This has been known for years. The machines and man-in-the-middle attacks are obvious, simply because you cannot verify the authenticity of any machine that you stick your card into and type your PIN. You have no clue that any one of them is doing what you think it should be doing. ATM machines are bad enough, but at least there is some sort of trust over the fact they are at a fixed point and there is some form of physical security around them. With chip and pin machines all you have is utterly blind faith that you have no choice but to accept, and then you get blamed for being insecure by the banks when the inevitable happens.
Please note that while this is a MIM attack, neither the ATM nor its communication links are compromised. The MIM part is in the _card_, that gives out an "This is a valid transaction PIN code" no matter what. So attach a fake card to some wires running up your sleeve into a laptop and FPGA in a back pack, and and you can draw money from the account to the maximum limit with a fake card and without entering a correct PIN code.
The sad thing is that the banks are in total denial about this, claiming that since no such attacks have been discovered, the problem doesn't exist.
--
Regards
Re:Not really surprising... (Score:5, Informative)
The problem is that the merchants have insurance and the number of fraudulent accesses is pretty small. So merchants are reluctant to spend $10,000 per terminal for a system as you describe.
They have been already forced to spend $1000-$2000 per terminal already for something that has $100 of components in it.
Sure, it could be done as you suggest. But a lot of these systems were designed to work over a 300 baud modem or with no external connection at all - just buffering stuff up until later. So now you would also require a real Internet connection from each terminal. Well, the costs just keep going up on the merchant.
The end result is that merchants just say they can't implement something like that in all locations. Or the box is too expensive and they aren't buying any of them. So instead of universal penetration it is 5 or 10 percent of the merchants.
The reason they went with a low-cost, easy-to-implement solution in the first place was to gain wide (if not universal) acceptance so these things could be at every POS location everywhere. No matter what system the merchant was using or at least minimal interface requirements. It is like credit card terminals in the US - there are still a large number of places where they put the sale information into one system and then re-key the sale into a credit card terminal because integrating is too expensive and the terminals are relatively cheap.
Re:so, we'll have to hand over our card for the ca (Score:3, Informative)
One of the selling points of this system is that you DON'T need to let your card leave your sight, or even your hand, as before when magnetic strips were used that was good indication of having your card copied.
The terminal you put your card is is usually wireless or has a long cord so you can pick it up to better hide your pin when you enter it. This makes using a card with wires going up your sleeve quite easy to get away with and keeping hold of the card is not unusual behaviour that would arouse suspicion. See the BBC video here:
http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html [bbc.co.uk]
Re:We Already Know This (Score:4, Informative)
Doesn't anybody read the paper?
You can not use a fake card. You need a genuine card. The MITM is between the genuine card and the terminal. The transaction goes through because "chip and PIN" isn't the only acceptable protocol. The card can also be used in combination with a signature instead of the PIN. The trick is to make the terminal think that the card is using PIN authentication while the card actually performs the (authenticated!) chip and signature protocol.
The bank usually gets the information that no PIN was sent to the card, but this information is not relayed back to the terminal in way which is both standardized and authenticated. The "PIN-OK" message from the card to the terminal is not authenticated and the authenticated transaction request/accept messages between the card and the bank (through the terminal) only contain the information in an unstandardized format. That's the flaw.