Chip and PIN is broken

A Finextra member | 12 February, 2010, 09:50

This reminds me of that scene in Terminator 2.....

Adam Nybäck - Anyro - Stockholm | 13 February, 2010, 21:32

Why can't the issuer simply compare the IAD "offline PIN = false" with the CVMR "PIN verification performed by ICC"?

Steven Murdoch - University College London - London | 14 February, 2010, 00:42

Hi Adam,

The CVMR is an optional field in the transaction related data, and most UK issuers do not include it in the CDOL. We have heard that some terminals do send the CVMR to the acquirer, even if the card didn't request it. If, in these cases, the CVMR does make it back to the issuer, then yes they should be able to compare it to the CVR in the IAD.

Evidently they do not, so the interesting question becomes "Why?" One possibility is that terminals do not set the CVMR correctly, and so rejecting an authorization request due to a CVR/CVMR mismatch would lead to too many false positives.

Steven.

Adam Nybäck - Anyro - Stockholm | 14 February, 2010, 03:25

Seems like the Norwegians made the right decision requiring online PIN for their BankAxept brand (with fallback to offline signature). I think there is a similar solution for the Dancard in Denmark.

Here in Sweden there are many cards with offline PIN. However, CVMR is a requirement in the transaction data, so I hope the issuers can and do take advantage of that, at least for domestic transactions.

You suggest that the issuer could include the CVMR in the CDOL of the chip. What if the attacker then tries to alter the CVMR when it's sent from the terminal to the chip?

Steven Murdoch - University College London - London | 14 February, 2010, 04:25

"You suggest that the issuer could include the CVMR in the CDOL of the chip. What if the attacker then tries to alter the CVMR when it's sent from the terminal to the chip?"

If the attacker sends a tampered CVMR to the card, then the verification of the ARQC should fail. That is because the card will calculate the ARQC over the tampered data, but the issuer will use the legitimate CVMR from the terminal when verifying the MAC.

There is still an attack on this scheme – also tamper with the CVMR as it is sent to the acquirer. We haven't looked into how feasible this is, but at least in some cases, this connection is both unencrypted and unauthenticated.

Adam Nybäck - Anyro - Stockholm | 14 February, 2010, 06:42

"the issuer will use the legitimate CVMR from the terminal"

So including the CVMR in the CDOL will make the terminal send the CVMR separately to the chip and to the acquirer, even if the CVMR wasn't part of the terminal/acquirer protocol?

You also mentioned the possibility "that terminals do not set the CVMR correctly". If this is the case, then the issuer still cannot use it, since it would lead to false positives, right?

Steven Murdoch - University College London - London | 14 February, 2010, 14:17

"So including the CVMR in the CDOL will make the terminal send the CVMR separately to the chip and to the acquirer, even if the CVMR wasn't part of the terminal/acquirer protocol?"

I am not certain about this, but if the CVMR is included in the CDOL (as it is in some cards), but not sent to the issuer, then the issuer would not be able to verify the MAC (unless they did a hack like synthesizing it from the CVR). We're still trying to get a copy of the relevant specification (APACS 70).

"You also mentioned the possibility "that terminals do not set the CVMR correctly". If this is the case, then the issuer still cannot use it, since it would lead to false positives, right?"

Correct. If the CVMR (or equivalent) is not being set correctly, I can't think of an adequate defense against the attack. So far, we have had essentially zero feedback from the UK banking industry, so I am not sure whether this is the actual problem.

Jeremy Massey - Statoil ASA - Oslo | 15 February, 2010, 14:57

Online-PIN-only POS terminals would solve the problem the same way as ATMs do.

This is an industry-standard standard approach in many parts of Europe as it pre-dates EMV and as has been pointed out here, several national debit card schemes (still) only allow online PIN at POS just as at ATM.

It is really only in the UK and France that POS terminals do not normally support online PIN.

But, if the terminals have to go online in order to avoid other attacks, why not verify PIN at the same time?

Steven Murdoch - University College London - London | 15 February, 2010, 16:09

Hi Jeremy,

I think there is a strong case for forcing EMV transactions to be online.

EMV was designed more than 15 years ago when one could not assume that terminals could be online. Now I think it would be much more reasonable.

This would greatly simplify the system, which would go a long way to preventing future problems. It would also lower the costs of the issuing process, and of the cards themselves.

Online-PIN is not such a clear decision however. Yes, it would prevent this vulnerability, but there is still the question of how to securely get the PIN back to the issuer. At least in the UK, the acquirer to merchant link is sometimes unencrypted.

With offline-PIN, the PIN is only sent between the terminal and the card (and is potentially encrypted). With online-PIN, the PIN block will be in the clear each time it is re-encrypted. There have been cases in the US where hardware security module security was breached, leaking the PIN blocks.

So I think a better end-to-end PIN encryption scheme is needed for online-PIN, before it should be recommended. This is certainly technically feasible, but I have not seen any concrete proposals for an EMV modification to support this.

Steven.

Jan-Olof Brunila - Swedbank - Stockholm | 15 February, 2010, 17:05

Dear Sirs,

Why would anybody bother with a complex attack on chip and pin since you need 1. stolen not yet blocked card 2. the card chip must be SDA or DDA and not CDA   3. The card product must be one that alows offline 4. The terminal must be offline PIN 5. preferrably the purchase need to be offline as well. Many of these circumstances are outside the control of the fraudster. This means that at best, the thief gets away with one or two trx per stolen card for a limited amount.

Much easier to go on the internet and buy something easily sellable by just using somebody elses card number, since there are still a lot of web shops, acquirers and card issuers that do not require any security protocol, just the entry of the card number is enough. 

Steven Murdoch - University College London - London | 15 February, 2010, 17:30

"Why would anybody bother with a complex attack on chip and pin"

Quite simply, criminals could make a lot more money this way. With an ATM, you can get £500 per day. With a stolen Chip & PIN card you can get £10,000, in cash, in an hour (as a fraudster did in one disputed transaction case I dealt with, where the card was used for foreign currency purchase).

"1. stolen not yet blocked card"

This is clearly easy, as otherwise Chip & PIN would not have been introduced in the first place.

"2. the card chip must be SDA or DDA and not CDA"

All UK cards are SDA or DDA. This attack might also work CDA too, but I am not aware of any banks which issue such cards.

"3. The card product must be one that alows offline"

This attack works online too. Please see the paper.

"4. The terminal must be offline PIN"

All UK terminals implement only offline PIN. Terminals in France and Germany also support offline PIN.

"5. preferrably the purchase need to be offline as well."

Why? Our demonstration showed that the attack works for online transactions.

"Many of these circumstances are outside the control of the fraudster. This means that at best, the thief gets away with one or two trx per stolen card for a limited amount."

The fraudster can control all of these. This attack has worked with every card, from every banks, on every terminal we have tried it with (with consent of the merchant and cardholder). The amount of the fraud is limited only by the available balance of the victim, and can easily be in the £10k+ range.

"Much easier to go on the internet and buy something easily sellable by just using somebody elses card number, since there are still a lot of web shops, acquirers and card issuers that do not require any security protocol, just the entry of the card number is enough."

And many criminals do (card-not-present fraud is now almost 50% of the fraud totals in the UK). However, this takes a different skill-set from street-crime, so card theft still exists.

Adam Nybäck - Anyro - Stockholm | 16 February, 2010, 06:59

In addition to CVMR, the terminals usually sends similar information in a general (non-EMV) field to the aquirer. This field has previously been used for magstripe transactions and should have correct values for chip as well. If this is included in APACS 70 and if this is sent to the issuer by the acquirer, then the issuer could use it instead of CVMR to detect the attack by comparing it to the IAD.

Steven Murdoch - University College London - London | 16 February, 2010, 15:35

Hi Adam,

Are you referring to the ISO 8583 Point of service entry mode? I saw this mentioned in a blog post by Dave Birch. There is apparently a single-digit field which states how cardholder verification occurred, but I haven't been able to find out the encoding. That's yet another specification we should get (this one is £150, which is at least better than the £500 price tag on APACS 70).

Steven.

Jan-Olof Brunila - Swedbank - Stockholm | 16 February, 2010, 17:00

Dear Steven,

This seems then to be mainly a UK problem since several leading banks in Scandinavia are already issuing CDA chip cards and your attack as described  is not possible on these cards. Furthermore terminals in Scandinavia send the cvr to the issuer as a mandatory requirement which blocks the online mode attack also on SDA/DDA cards. And some card products, like Maestro does not allow  offline purchases so the terminal need to go online for authorisation anyway. For other card products that allow offline transactions the limits are low end which makes a 10 000 pound currency purchase impossible offline. Also most people that loose their cards over here immediately call in to block the lost card since it relieves them of liability from purchases after blocking was made. Therefore it is much easier for the fraudster to access value by sitting at home and get stolen card numbers over the internet and try to buy something online.  Especially since more than 95% of the population have broadband services at home and also pc:s, including the street criminals.

Steven Murdoch - University College London - London | 16 February, 2010, 18:43

Jan-Olof,

CDA is not sufficient to prevent this attack, nor is online authorization. What is needed is for either the card or issuer to compare the CVMR against the CVR.

The UK banks claimed to do so, but our experiments showed that they did not. The question for other countries is whether they made the same mistake. I think the only way to find out is to perform a test on the live system.

Adam Nybäck - Anyro - Stockholm | 16 February, 2010, 19:59

"Are you referring to the ISO 8583 Point of service entry mode?"

Yes, in ISO 8583 it's part of that field.

A Finextra member | 17 February, 2010, 09:37

Steven,

"Quite simply, criminals could make a lot more money this way. With an ATM, you can get £500 per day."

I would be very interested to hear the results of using your attack to get cash from an ATM.

Richard Allen.

 

 

Adam Nybäck - Anyro - Stockholm | 17 February, 2010, 10:22

Richard,

The attack doesn't work on ATMs. This is explained in the report on page 3.

Steven mentioned ATM above to explain that this non-ATM attack is more efficient than attacking ATMs. You can get £10,000, in cash, in an hour, compared to £500 per day from an ATM.

Steven Murdoch - University College London - London | 17 February, 2010, 12:28

Richard,

We detail our experiments in our paper. We also discuss the ATM case in our blog post linked to above.

We did not try the equipment in an ATM (there are some logistical problems), but since I have been told that all UK ATMs use online PIN verification, this attack would not work. When I said you could get cash, I was referring to a foreign-currency exchange, for which this attack would work.

A Finextra member | 17 February, 2010, 16:06

Steven,

Apols, I misread the ATM point in your comment.

"I was referring to a foreign-currency exchange, for which this attack would work."

Have you tried this attack against large foreign-currency exchange transactions?

Richard.

Steven Murdoch - University College London - London | 17 February, 2010, 22:44

Richard,

"Have you tried this attack against large foreign-currency exchange transactions?"

I haven't, because we have not been able to find such a place who would consent to us testing this attack, but we did try some fairly high-value transactions. I think the largest was £200, because that's all the BBC were willing to try. I do know that there are UK currency exchanges which will accept Chip & PIN, without having to hand over the card, and without presenting additional ID.

Adam Nybäck - Anyro - Stockholm | 20 February, 2010, 04:59

Steven,

"Are you referring to the ISO 8583 Point of service entry mode? I saw this mentioned in a blog post by Dave Birch. There is apparently a single-digit field which states how cardholder verification occurred, but I haven't been able to find out the encoding."

Actually, this single-digit field does not necessarily include how cardholder verification occured. I just added a comment about this on Dave's blog.

Adam.

Steven Murdoch - University College London - London | 24 February, 2010, 16:24 Thanks for the comment Adam. It seems that the task of detecting this attack is a bit more subtle than it first appeared.