Blog article
See all stories »

Chip and PIN is broken

There was a 9-minute film on Newsnight yesterday evening (available online) showing some research by Saar Drimer, Ross Anderson, Mike Bond and me. We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN.

Our technical paper “Chip and PIN is Broken” explains how. It has been causing quite a stir as it has circulated the banking industry privately for over 2 months, and it has been accepted for the IEEE Symposium on Security and Privacy, the top conference in computer security. (See also our FAQ, press release, and summary from the BBC.)

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank). But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification.

Read more at Light Blue Touchpaper...

Equipment used for EMV middleperson attack

Comments: (23)

A Finextra member
A Finextra member 12 February, 2010, 09:50Be the first to give this comment the thumbs up 0 likes

This reminds me of that scene in Terminator 2.....

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 13 February, 2010, 21:32Be the first to give this comment the thumbs up 0 likes

Why can't the issuer simply compare the IAD "offline PIN = false" with the CVMR "PIN verification performed by ICC"?

Steven Murdoch
Steven Murdoch - University College London - London 14 February, 2010, 00:42Be the first to give this comment the thumbs up 0 likes

Hi Adam,

The CVMR is an optional field in the transaction related data, and most UK issuers do not include it in the CDOL. We have heard that some terminals do send the CVMR to the acquirer, even if the card didn't request it. If, in these cases, the CVMR does make it back to the issuer, then yes they should be able to compare it to the CVR in the IAD.

Evidently they do not, so the interesting question becomes "Why?" One possibility is that terminals do not set the CVMR correctly, and so rejecting an authorization request due to a CVR/CVMR mismatch would lead to too many false positives.

Steven.

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 14 February, 2010, 03:25Be the first to give this comment the thumbs up 0 likes

Seems like the Norwegians made the right decision requiring online PIN for their BankAxept brand (with fallback to offline signature). I think there is a similar solution for the Dancard in Denmark.

Here in Sweden there are many cards with offline PIN. However, CVMR is a requirement in the transaction data, so I hope the issuers can and do take advantage of that, at least for domestic transactions.

You suggest that the issuer could include the CVMR in the CDOL of the chip. What if the attacker then tries to alter the CVMR when it's sent from the terminal to the chip?

Steven Murdoch
Steven Murdoch - University College London - London 14 February, 2010, 04:25Be the first to give this comment the thumbs up 0 likes

"You suggest that the issuer could include the CVMR in the CDOL of the chip. What if the attacker then tries to alter the CVMR when it's sent from the terminal to the chip?"

If the attacker sends a tampered CVMR to the card, then the verification of the ARQC should fail. That is because the card will calculate the ARQC over the tampered data, but the issuer will use the legitimate CVMR from the terminal when verifying the MAC.

There is still an attack on this scheme – also tamper with the CVMR as it is sent to the acquirer. We haven't looked into how feasible this is, but at least in some cases, this connection is both unencrypted and unauthenticated.

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 14 February, 2010, 06:42Be the first to give this comment the thumbs up 0 likes

"the issuer will use the legitimate CVMR from the terminal"

So including the CVMR in the CDOL will make the terminal send the CVMR separately to the chip and to the acquirer, even if the CVMR wasn't part of the terminal/acquirer protocol?

You also mentioned the possibility "that terminals do not set the CVMR correctly". If this is the case, then the issuer still cannot use it, since it would lead to false positives, right?

Steven Murdoch
Steven Murdoch - University College London - London 14 February, 2010, 14:17Be the first to give this comment the thumbs up 0 likes
"So including the CVMR in the CDOL will make the terminal send the CVMR separately to the chip and to the acquirer, even if the CVMR wasn't part of the terminal/acquirer protocol?"
I am not certain about this, but if the CVMR is included in the CDOL (as it is in some cards), but not sent to the issuer, then the issuer would not be able to verify the MAC (unless they did a hack like synthesizing it from the CVR). We're still trying to get a copy of the relevant specification (APACS 70).
"You also mentioned the possibility "that terminals do not set the CVMR correctly". If this is the case, then the issuer still cannot use it, since it would lead to false positives, right?"
Correct. If the CVMR (or equivalent) is not being set correctly, I can't think of an adequate defense against the attack. So far, we have had essentially zero feedback from the UK banking industry, so I am not sure whether this is the actual problem.
Jeremy Massey
Jeremy Massey - Statoil ASA - Oslo 15 February, 2010, 14:57Be the first to give this comment the thumbs up 0 likes

Online-PIN-only POS terminals would solve the problem the same way as ATMs do.

This is an industry-standard standard approach in many parts of Europe as it pre-dates EMV and as has been pointed out here, several national debit card schemes (still) only allow online PIN at POS just as at ATM.

It is really only in the UK and France that POS terminals do not normally support online PIN.

But, if the terminals have to go online in order to avoid other attacks, why not verify PIN at the same time?

Steven Murdoch
Steven Murdoch - University College London - London 15 February, 2010, 16:09Be the first to give this comment the thumbs up 0 likes

Hi Jeremy,

I think there is a strong case for forcing EMV transactions to be online.

EMV was designed more than 15 years ago when one could not assume that terminals could be online. Now I think it would be much more reasonable.

This would greatly simplify the system, which would go a long way to preventing future problems. It would also lower the costs of the issuing process, and of the cards themselves.

Online-PIN is not such a clear decision however. Yes, it would prevent this vulnerability, but there is still the question of how to securely get the PIN back to the issuer. At least in the UK, the acquirer to merchant link is sometimes unencrypted.

With offline-PIN, the PIN is only sent between the terminal and the card (and is potentially encrypted). With online-PIN, the PIN block will be in the clear each time it is re-encrypted. There have been cases in the US where hardware security module security was breached, leaking the PIN blocks.

So I think a better end-to-end PIN encryption scheme is needed for online-PIN, before it should be recommended. This is certainly technically feasible, but I have not seen any concrete proposals for an EMV modification to support this.

Steven.

Jan-Olof Brunila
Jan-Olof Brunila - Swedbank - Stockholm 15 February, 2010, 17:05Be the first to give this comment the thumbs up 0 likes

Dear Sirs,

Why would anybody bother with a complex attack on chip and pin since you need 1. stolen not yet blocked card 2. the card chip must be SDA or DDA and not CDA   3. The card product must be one that alows offline 4. The terminal must be offline PIN 5. preferrably the purchase need to be offline as well. Many of these circumstances are outside the control of the fraudster. This means that at best, the thief gets away with one or two trx per stolen card for a limited amount.

Much easier to go on the internet and buy something easily sellable by just using somebody elses card number, since there are still a lot of web shops, acquirers and card issuers that do not require any security protocol, just the entry of the card number is enough. 

Steven Murdoch
Steven Murdoch - University College London - London 15 February, 2010, 17:30Be the first to give this comment the thumbs up 0 likes
"Why would anybody bother with a complex attack on chip and pin"
Quite simply, criminals could make a lot more money this way. With an ATM, you can get £500 per day. With a stolen Chip & PIN card you can get £10,000, in cash, in an hour (as a fraudster did in one disputed transaction case I dealt with, where the card was used for foreign currency purchase).
"1. stolen not yet blocked card"
This is clearly easy, as otherwise Chip & PIN would not have been introduced in the first place.
"2. the card chip must be SDA or DDA and not CDA"
All UK cards are SDA or DDA. This attack might also work CDA too, but I am not aware of any banks which issue such cards.
"3. The card product must be one that alows offline"
This attack works online too. Please see the paper.
"4. The terminal must be offline PIN"
All UK terminals implement only offline PIN. Terminals in France and Germany also support offline PIN.
"5. preferrably the purchase need to be offline as well."
Why? Our demonstration showed that the attack works for online transactions.
"Many of these circumstances are outside the control of the fraudster. This means that at best, the thief gets away with one or two trx per stolen card for a limited amount."
The fraudster can control all of these. This attack has worked with every card, from every banks, on every terminal we have tried it with (with consent of the merchant and cardholder). The amount of the fraud is limited only by the available balance of the victim, and can easily be in the £10k+ range.
"Much easier to go on the internet and buy something easily sellable by just using somebody elses card number, since there are still a lot of web shops, acquirers and card issuers that do not require any security protocol, just the entry of the card number is enough."
And many criminals do (card-not-present fraud is now almost 50% of the fraud totals in the UK). However, this takes a different skill-set from street-crime, so card theft still exists.
Adam Nybäck
Adam Nybäck - Anyro - Stockholm 16 February, 2010, 06:59Be the first to give this comment the thumbs up 0 likes

In addition to CVMR, the terminals usually sends similar information in a general (non-EMV) field to the aquirer. This field has previously been used for magstripe transactions and should have correct values for chip as well. If this is included in APACS 70 and if this is sent to the issuer by the acquirer, then the issuer could use it instead of CVMR to detect the attack by comparing it to the IAD.

Steven Murdoch
Steven Murdoch - University College London - London 16 February, 2010, 15:35Be the first to give this comment the thumbs up 0 likes

Hi Adam,

Are you referring to the ISO 8583 Point of service entry mode? I saw this mentioned in a blog post by Dave Birch. There is apparently a single-digit field which states how cardholder verification occurred, but I haven't been able to find out the encoding. That's yet another specification we should get (this one is £150, which is at least better than the £500 price tag on APACS 70).

Steven.

Jan-Olof Brunila
Jan-Olof Brunila - Swedbank - Stockholm 16 February, 2010, 17:00Be the first to give this comment the thumbs up 0 likes

Dear Steven,

This seems then to be mainly a UK problem since several leading banks in Scandinavia are already issuing CDA chip cards and your attack as described  is not possible on these cards. Furthermore terminals in Scandinavia send the cvr to the issuer as a mandatory requirement which blocks the online mode attack also on SDA/DDA cards. And some card products, like Maestro does not allow  offline purchases so the terminal need to go online for authorisation anyway. For other card products that allow offline transactions the limits are low end which makes a 10 000 pound currency purchase impossible offline. Also most people that loose their cards over here immediately call in to block the lost card since it relieves them of liability from purchases after blocking was made. Therefore it is much easier for the fraudster to access value by sitting at home and get stolen card numbers over the internet and try to buy something online.  Especially since more than 95% of the population have broadband services at home and also pc:s, including the street criminals.

Steven Murdoch
Steven Murdoch - University College London - London 16 February, 2010, 18:43Be the first to give this comment the thumbs up 0 likes

Jan-Olof,

CDA is not sufficient to prevent this attack, nor is online authorization. What is needed is for either the card or issuer to compare the CVMR against the CVR.

The UK banks claimed to do so, but our experiments showed that they did not. The question for other countries is whether they made the same mistake. I think the only way to find out is to perform a test on the live system.

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 16 February, 2010, 19:59Be the first to give this comment the thumbs up 0 likes

"Are you referring to the ISO 8583 Point of service entry mode?"

Yes, in ISO 8583 it's part of that field.

A Finextra member
A Finextra member 17 February, 2010, 09:37Be the first to give this comment the thumbs up 0 likes

Steven,

"Quite simply, criminals could make a lot more money this way. With an ATM, you can get £500 per day."

I would be very interested to hear the results of using your attack to get cash from an ATM.

Richard Allen.

 

 

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 17 February, 2010, 10:22Be the first to give this comment the thumbs up 0 likes

Richard,

The attack doesn't work on ATMs. This is explained in the report on page 3.

Steven mentioned ATM above to explain that this non-ATM attack is more efficient than attacking ATMs. You can get £10,000, in cash, in an hour, compared to £500 per day from an ATM.

Steven Murdoch
Steven Murdoch - University College London - London 17 February, 2010, 12:28Be the first to give this comment the thumbs up 0 likes

Richard,

We detail our experiments in our paper. We also discuss the ATM case in our blog post linked to above.

We did not try the equipment in an ATM (there are some logistical problems), but since I have been told that all UK ATMs use online PIN verification, this attack would not work. When I said you could get cash, I was referring to a foreign-currency exchange, for which this attack would work.

A Finextra member
A Finextra member 17 February, 2010, 16:06Be the first to give this comment the thumbs up 0 likes

Steven,

Apols, I misread the ATM point in your comment.

"I was referring to a foreign-currency exchange, for which this attack would work."

Have you tried this attack against large foreign-currency exchange transactions?

Richard.

Steven Murdoch
Steven Murdoch - University College London - London 17 February, 2010, 22:44Be the first to give this comment the thumbs up 0 likes

Richard,

"Have you tried this attack against large foreign-currency exchange transactions?"

I haven't, because we have not been able to find such a place who would consent to us testing this attack, but we did try some fairly high-value transactions. I think the largest was £200, because that's all the BBC were willing to try. I do know that there are UK currency exchanges which will accept Chip & PIN, without having to hand over the card, and without presenting additional ID.

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 20 February, 2010, 04:59Be the first to give this comment the thumbs up 0 likes

Steven,

"Are you referring to the ISO 8583 Point of service entry mode? I saw this mentioned in a blog post by Dave Birch. There is apparently a single-digit field which states how cardholder verification occurred, but I haven't been able to find out the encoding."

Actually, this single-digit field does not necessarily include how cardholder verification occured. I just added a comment about this on Dave's blog.

Adam.

Steven Murdoch
Steven Murdoch - University College London - London 24 February, 2010, 16:24Be the first to give this comment the thumbs up 0 likes Thanks for the comment Adam. It seems that the task of detecting this attack is a bit more subtle than it first appeared.
Steven Murdoch

Steven Murdoch

Royal Society University Research Fellow

University College London

Member since

01 Jul

Location

London

Blog posts

9

Comments

35

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all