
European Credit and Debit Card Security Broken

Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an identification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
  • by Anonymous Coward on Thursday February 11, 2010 @06:38PM (#31106328)

    Wouldn't this be simple to fix by making the terminal first send a wrong PIN and then the entered one? If you have something in the middle sending an "OK" answer to both requests, the terminal can fail the transaction. Or did I misunderstand something...?

  • by mlts ( 1038732 ) * on Thursday February 11, 2010 @06:59PM (#31106622)

    How about storing the PIN similar to how TrueCrypt validates a hash? One value is a random salt, which is decrypted by the PIN the user types in, and that is compared to the second value. Add in a number of rounds to help deter brute forcing.

    However, what really is needed is for the smart card to either delay access with an exponentially increasing time, or after 3-5 bad guesses, the card blocks access to the PIN, until released by the provider, similar to how GSM SIM cards work.

    Best of all worlds is if the European banks just went with a true smart card system in the first place, where offline transactions were signed/decrypted on chip by the card, and the card readers presented the transaction to be signed or declined.
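The two ideas in the comment above (a salted, iterated PIN check plus a try counter that blocks the card until the provider releases it), as an added Python sketch that is not code from the post or from any card specification. The class name `PinStore`, the unblock code and the use of PBKDF2 in place of the TrueCrypt-style scheme the comment describes are assumptions; all values are constructed.

```python
import hashlib
import hmac
import os


class PinStore:
    """Toy on-card PIN check (constructed for illustration)."""
    MAX_TRIES = 3  # the comment suggests 3-5 bad guesses

    def __init__(self, pin: str, unblock_code: str, rounds: int = 100_000):
        self._salt = os.urandom(16)
        self._rounds = rounds
        self._pin_check = self._derive(pin)
        self._unblock_check = self._derive(unblock_code)
        self.tries_left = self.MAX_TRIES

    def _derive(self, secret: str) -> bytes:
        # Salted, iterated hash; only the derived value is stored.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, self._rounds)

    @property
    def blocked(self) -> bool:
        return self.tries_left == 0

    def verify(self, pin: str) -> bool:
        if self.blocked:
            return False  # even the correct PIN is refused once blocked
        # Spend the attempt before comparing, so an interrupted check still counts.
        self.tries_left -= 1
        if hmac.compare_digest(self._derive(pin), self._pin_check):
            self.tries_left = self.MAX_TRIES
            return True
        return False

    def unblock(self, code: str) -> bool:
        # Release by the provider, as with a blocked SIM.
        if hmac.compare_digest(self._derive(code), self._unblock_check):
            self.tries_left = self.MAX_TRIES
            return True
        return False


def attempts_evaluated(store: PinStore, guesses) -> int:
    """Return how many guesses the store evaluated before it blocked."""
    used = 0
    for guess in guesses:
        if store.blocked:
            break
        store.verify(guess)
        used += 1
    return used
```

A four-digit PIN has only 10,000 possible values, so the iteration count alone does little; it is the counter that bounds the number of guesses.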

  • by verbalcontract ( 909922 ) on Thursday February 11, 2010 @07:05PM (#31106702)

    This doesn't seem like the average attack we see in the United States, where a false card reader and camera copy a victim's credit card stripe and PIN respectively. I'm by no means an expert in Chip and PIN, but Wikipedia indicates that the smart card chip is much more difficult to copy than the US's magnetic stripes:

    http://en.wikipedia.org/wiki/Chip_and_pin [wikipedia.org]

    From the text:

    "Once the card has been verified as authentic, the customer enters a 4-digit PIN..."

    It doesn't say whether all the credit card information is passed during this handshake, but if it's not, it wouldn't be possible to copy the card just by reading it.

  • chip and pin fail (Score:2, Interesting)

    by Carus ( 1707262 ) on Thursday February 11, 2010 @07:16PM (#31106878)
    http://www.youtube.com/watch?v=U1QAnb-wnTs [youtube.com] ohhhhhhhhhhhhhhh CHIP AND PIN FAIL
  • by shentino ( 1139071 ) <shentino@gmail.com> on Thursday February 11, 2010 @07:44PM (#31107296)

    The problem is that the server storing your account information is trusting the terminal.

    If the terminal can get away with trusting the signal it's getting from the card, then it's actually possible for a counterfeit terminal to rob you without even having the card.

  • by Animaether ( 411575 ) on Thursday February 11, 2010 @08:28PM (#31107816) Journal

    I'm just curious as the article summary and article don't mention (I guess the PDF might, but from the article's description, it isn't clear)...

    Do they still need the card?

    The article seems to describe the attack as a man-in-the-middle attack, i.e. card -> their device -> the card reader/writer. So the card instigates all the important bits (which bank account number, etc.), and then their device sends back an 'OK' to the card reader/writer, happily ignoring the PIN part.

    But does that mean they do still need to have a card? Or could they easily make their own card with the details of whoever (let's say they grab the bank account # off of some business registry website), and then go ahead and perform transactions with it + their device?

  • Slightly wrong (Score:3, Interesting)

    by Anonymous Coward on Thursday February 11, 2010 @09:15PM (#31108264)

    The article states that the banks don't accept liability for a transaction performed with PIN. This is true; however, the liability isn't pushed to the consumer, it is accepted by the card issuer instead (i.e. Mastercard, Visa etc.).

    I also disagree with their assertion that chip and pin is fundamentally broken. EMV requires the card to generate a cryptogram at the end of the transaction. The card can simply refuse to generate this data if it hasn't received the correct PIN. I am a little surprised that the cards they tried don't do this already.

    Some people here have suggested that the PIN be authenticated online. The EMV standard actually supports online authentication of PIN, it's just that some banks choose to issue cards that use a PIN that is verified by the card instead because they don't have the systems in place to support online verification. Many banks

    For all the people saying that the designers of the system don't know what they are doing, I suggest they read the specifications (freely available on the emvco website). They are actually quite good and do support pretty much all of the improvements people here have suggested (and more). The problem is they need to be practical as well, something that most comments here don't consider. There is no point designing a foolproof system that no-one can use.

    This hole can be removed and it most certainly will be if criminals start to exploit it.
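The mitigation proposed in the comment above (the card refuses to produce its end-of-transaction cryptogram unless it has itself verified the PIN), as an added Python model that is not code from the post, the researchers or the EMV specifications. The message layout, the HMAC construction, the `cross_check` option (an issuer-side comparison of the card's and the terminal's view, added here as a second safeguard) and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac


class Card:
    """Toy card model (constructed for illustration; not the EMV message format)."""

    def __init__(self, pin: str, key: bytes, refuse_without_pin: bool):
        self._pin, self._key = pin, key
        self.refuse_without_pin = refuse_without_pin
        self.pin_verified = False

    def verify_pin(self, pin: str) -> bool:
        self.pin_verified = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self.pin_verified

    def cryptogram(self, txn: bytes):
        # The fix suggested in the comment: no cryptogram without a correct PIN.
        if self.refuse_without_pin and not self.pin_verified:
            return None
        flag = b"\x01" if self.pin_verified else b"\x00"
        # The card's own view of PIN verification is covered by the MAC.
        return flag, hmac.new(self._key, flag + txn, hashlib.sha256).digest()


def issuer_accepts(key, txn, terminal_pin_ok, cryptogram, cross_check):
    if cryptogram is None:
        return False
    flag, mac = cryptogram
    expected = hmac.new(key, flag + txn, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False
    # Optional issuer-side check: terminal and card must agree on the PIN result.
    return (flag == b"\x01") == terminal_pin_ok if cross_check else True


def run_transaction(card, key, txn, pin, cross_check=False, pin_reply_forged=False):
    # pin_reply_forged models the article's condition: the terminal sees "OK"
    # although the card never received the PIN.
    terminal_pin_ok = True if pin_reply_forged else card.verify_pin(pin)
    if not terminal_pin_ok:
        return False
    return issuer_accepts(key, txn, terminal_pin_ok, card.cryptogram(txn), cross_check)


KEY = b"constructed-demo-key"          # constructed sample values
TXN = b"amount=25.00;merchant=demo"

if __name__ == "__main__":
    for refuse, check in [(False, False), (True, False), (False, True)]:
        card = Card("4821", KEY, refuse_without_pin=refuse)
        print(refuse, check, run_transaction(card, KEY, TXN, "0000", check, True))
```

Only the first configuration, where the card signs regardless of PIN state and the issuer does not compare the two views, accepts the transaction with a forged PIN reply; either safeguard on its own rejects it.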

  • by lgw ( 121541 ) on Thursday February 11, 2010 @09:46PM (#31108500) Journal

    To actually be secure, the card and the terminal would need to generate a shared secret in a way immune to a MitM attack, which can only reasonably be done with a certificate and a certificate authority (or other public key infrastructure), just as is done with HTTPS. Even then the terminal would need to be occasionally online to get cert updates, so it's not a perfect solution (plus there are still cert and CA based attacks possible).

  • by russotto ( 537200 ) on Thursday February 11, 2010 @11:15PM (#31109098) Journal

    This combination of cardholders not being penalized and large merchants having insurance is why the current rampant fraud situation and stolen credit card number market is how it is. You can make hundreds of dollars by selling credit card numbers and other information, and plenty of folks do just that. It's extra money. You didn't really think the waitress was getting by on just tips, did you?

    Penalizing the cardholder doesn't help at all. How can I, as a cardholder, prevent a crooked waitress from swiping the card through a skimmer as well as doing the real transaction? Or just using a camera to record an image of the card? For that sort of scenario to be stopped, the system itself has to change first. The cards must be made difficult to copy and difficult to forge (which is a goal of the chipped cards, but doesn't seem to have been accomplished). And, to prevent out-and-out theft of the card, some second factor must be used which cannot be easily copied. A PIN simply doesn't work, as it's trivially easy to capture a PIN (since the PIN pad is under the control of the crooked employee).

    The basic problem with credit card security is you give away your authentication tokens every time you use the card. No amount of penalizing the cardholder will prevent that.

  • Re:Noviant Haydont (Score:4, Interesting)

    by CrashandDie ( 1114135 ) on Friday February 12, 2010 @01:33AM (#31109818)
    The Chip and PIN principle is a lot older in Europe than anywhere else in the world. Asia is far behind, however converting fast, and the US is down the drain. France has implemented a Chip'n'PIN system since the early 90s, and Belgium has been using its local equivalent (Bancontact) since the mid-90s. Because credit/debit cards are synonymous with Chip and PIN cards in Europe, EMV has become a synonym for a unified European payment system [wikipedia.org].

    The US has massive plans to implement EMV. The main difference is that banks are quite opposed to it because the cost of overhauling their complete architecture for the sake of fraud is quite a difficult thing to sell -- we're not talking about a simple card update, every single Point of Sale will need a new terminal, every single individual will need his card replaced. How many credit cards are used in North America? 700 million if my memory serves me well, or more. At roughly $15 per card, when bought in high quantities, that's quite a lot of money. Each terminal costs roughly $150-$230, so that's not a small investment either.

    Next to that, you need the network connectivity, and the servers to handle it. I remember discussing this with a colleague some time ago, and by eyeballing it quickly, we got a number of roughly $100 to $130 per customer. Obviously, the banks could always ask for more cash from the government to pay for it?

    Source: I work in the industry.
