Researchers crack e-banking card readers

Researchers crack e-banking card readers

Researchers from Cambridge University say they have found "numerous weaknesses" in the security of one-time-password generating card readers used for authentication in online banking.

Saar Drimer, Steven Murdoch, and Ross Anderson claim to have reverse engineered the secret Chip Authentication Progamme (CAP) protocol and found several security vulnerabilities in the UK variant of readers and smart cards.

The researchers published their paper, Optimised to Fail: Card readers for online banking, today at the Financial Cryptography 2009 conference.

The paper says the basic principle behind CAP - a trusted user interface and secure cryptographic microprocessor - is sound.

However design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure fresh responses, are putting customers at risk.

In February, the researchers demonstrated that unencrypted card details can be stolen by "tapping" PIN entry devices (PEDs). They found flaws in the Ingenico i3300 and Dione Xtreme PEDs - both of which are certified by Apacs and Visa - that can enable fraudsters to access unencrypted PINs and account numbers.

The paper points out that, as with the move from signature to PIN for authorising point-of-sale transactions, the move to CAP for online banking shifts liability for losses from banks to customers.

Barclays, which along with NatWest was tested by the researchers, outlined plans last year to extend the use of Gemalto handheld chip and PIN devices after reporting zero fraud among the first million users.

Read the paper here

Comments: (13)

A Finextra member
A Finextra member 27 February, 2009, 11:09Be the first to give this comment the thumbs up 0 likes

Go

     Go

            Gadg

                    e

                      t.

                         ...

 

 

Nick Collin
Nick Collin - Collin Consulting Ltd - London 27 February, 2009, 12:14Be the first to give this comment the thumbs up 0 likes

What is it with Ross Anderson? 

CAP is a good, pragmatic solution to the increasingly severe problems of phishing and card-not-present fraud.  No security solution is 100% safe; in the real world, as opposed to Cambridge University, criteria such as cost, usability and practicality are important.  CAP is highly secure, but it also meets these criteria, which is why, the last time I checked, it has been adopted by about 20 large banks which between them have rolled out about 20 million CAP readers in Europe alone.

The Anderson paper makes various obscure points to suggest that, in theory, under extreme conditions, CAP is not 100% secure.  OK, fine, but that doesn't mean it's not a good solution, and it certainly justify the relentlessly negative tone and lack of objectivity of the paper - for example the title "Optimised to Fail", or this gem from the text "the system has literally been optimised to death".  Similarly the Finextra title "Researchers crack e-banking card readers".  Come on guys, be reasonable!

Ted Egan
Ted Egan - ThreatMetrix Inc. - Sydney 27 February, 2009, 18:15Be the first to give this comment the thumbs up 0 likes

'Chip and Pin' technology has its place, but as is with many technologies used to stop online fraud, card fraud, etc then it is one of the more robust layers used. Even though the initial stats show some promise, the real story will be in a year or two whether the Chip and Pin has really slowed the incidence of card fraud.  

Yes it is correct to say nothing is 100% secure, but Ross Anderson points out that the testing shows it still needs a lot of work. We still need to make all this technology user friendly, ensure the computing devices the technology is plugged into is not compromised and as we all know it is about a combination of layers addressing all possible weakpoints.

This is not the silver bullet.

More importantly the cost of customer acquisition, ease of use and deployment cannot be too inhibitive.

Joe Pitcher
Joe Pitcher - Irrelevant - Wirral 02 March, 2009, 11:25Be the first to give this comment the thumbs up 0 likes

Ross Anderson is well known for his dislike of EMV and Chip in general. Read any of his articles on www.chipandspin.co.uk . He is clearly very knowledgeable and educated but the findings of a scientist in a lab are very different to the reality of deploying a system which balances cost against risk.
A Cambridge professor with expensive lab equipment and specialist training may find faults with a system, will the average fraudster? At the point that the type of attacks Anderson describes become real and widespread CAP will be redundant. Until then I don't see a viable alternative.
I do however agree with one statement he makes. "The basic principle behind CAP - a trusted user interface and secure cryp-tographic microprocessor - is sound". The faults Anderson has highlighted are either theoretical or due to specific implementations - not CAP itself. In the real world it's still the best solution I have seen. I'm sure better solutions exist in laboratories but at the moment they are not solutions in the real world. When/if they hit the street and are at a cost comparable to a CAP reader great, until then CAP is a huge improvement on CVC and address verification systems.

A Finextra member
A Finextra member 02 March, 2009, 14:30Be the first to give this comment the thumbs up 0 likes

So ...

Ross Anderson hits the headlines once again, and I for one am getting a little bit tired of reading about this over-exposed donkey with the chip on his shoulder.

Come on now Ross, you have all of the Cambridge University facilities available to you -  more than any crim!  You have a morbid dislike of the banks, for some reason, spurring you on.  You have reputations to maintain, both for you and for the university.   So many incentives, so many resources, and yet so little to show for it.

I think the time has come to respond to the challenge: show us how you have broken EMV, or any other payment infrastructure for that matter; show us how you have managed to manufacture a fake card, and how you can use it to make purchases using my account; show us how you can extract a PIN from the internal systems of banks, and use it nick my money. 

You can't because you haven't!!!  The time has come to put up or shut up.

A Finextra member
A Finextra member 29 October, 2009, 09:03Be the first to give this comment the thumbs up 0 likes

Let's see. I think it's fair to say that comments against Ross Anderson are coming from gents that are in the chip and pin business.

A Finextra member
A Finextra member 30 October, 2009, 06:27Be the first to give this comment the thumbs up 0 likes

Perhaps they are in the 'the chip and pin out of business' group - or soon may be.

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 02 November, 2009, 11:40Be the first to give this comment the thumbs up 0 likes

Do Marite and Dean have anything to say about the substantive issues that others on this thread have raised about the Cambridge attacks?  Or are they content to shoot messengers for being pro Chip-and-PIN?  Yes many of us are pro chip, but we're engaging with the substance of the Cambridge research, and finding that the research isn't actually so profound as to merit sarcastic yelps of joy from EMV critics.

Marite and Dean are anti-chip, but they're silent on the technical issues. They seem to swallow uncritically every bit of bad news about EMV generated by theoreticians.

[Elsewhere Dean is far from silent on pseudo-technical issues, but he has yet to offer a single non-trivial truth about smartcards.]

Like the others, I really don't see that the latest Cambridge attacks are momentous.  Sure, obtaining CAP codes via a tampered terminal is a bit of an eye opener, but the secrets are no good in the vast majority of CAP implementations where codes aren't replayable.

More generally, looking at the significance of this whole line of inquiry ... if the Mafia can mount large scale insider attacks on terminal equipment, then what do the Cambridge folks and their acolytes expect anyone to do about that?

 

 

 

Steven Murdoch
Steven Murdoch - University College London - London 02 November, 2009, 12:17Be the first to give this comment the thumbs up 0 likes

Hi Stephen,

"Sure, obtaining CAP codes via a tampered terminal is a bit of an eye opener, but the secrets are no good in the vast majority of CAP implementations where codes aren't replayable."

In the Barclays CAP implementation, codes are replayable. In the NatWest/RBS implementation they are not, but that's irrelevant because you can perform a real time man-in-the-middle attack so that the resulting authentication code is used while it is still valid. I am not aware of any CAP implementation which can resist this attack. Could you say which particular implementation you are thinking of?

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 02 November, 2009, 17:25Be the first to give this comment the thumbs up 0 likes

If you're mounting a real time MitM attack, you don't need to have tampered with a retail terminal to get the CAP OTP; you just trap the user's OTP as they enter it. 

Steven Murdoch
Steven Murdoch - University College London - London 02 November, 2009, 18:59Be the first to give this comment the thumbs up 0 likes

Hi Stephen,

"If you're mounting a real time MitM attack, you don't need to have tampered with a retail terminal to get the CAP OTP; you just trap the user's OTP as they enter it."

By a real-time MitM attack, I don't mean on on the customer's PC, I mean one on the tampered retail terminal. This would allow criminals to carry out successful attacks against people who:
1) Have no malware on their PC; and
2) Will not visit a malicious website (whether by DNS spoofing or social engineering tricks)

Conventional OTP tokens are not vulnerable to this attack, but because CAP uses the same card and PIN for point of sale and online banking, it can be attacked in this way.

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 02 November, 2009, 19:19Be the first to give this comment the thumbs up 0 likes

I see.  But still, tampering with a retail terminals on a large scale is still much more difficult than mounting a conventional MitM attack at the browser isn't it?

Steven Murdoch
Steven Murdoch - University College London - London 08 November, 2009, 22:15Be the first to give this comment the thumbs up 0 likes

Hi Stephen,

"But still, tampering with a retail terminals on a large scale is still much more difficult than mounting a conventional MitM attack at the browser isn't it?"

Probably, but this isn't an either/or situation; smart criminals will do both.

MitM trojans will pick up credentials for customers who have malware on their PC. However, businesses are more likely to have effective malware protection measures to resist this threat.

Criminals could use attacks like I demonstrated to attack high-value targets. In these cases the investment, manpower and risk necessary to pull off the attack, would be justified by the large payoff, even on a small scale.

South African criminal gangs are already taking this approach (known as whale phishing), and I see no reason crooks in the UK will not follow, if they haven't already.

Find out more
EBA Winter School 2019

Trending Stories