Researchers reveal chip and PIN hack

21 October 2015

Forensic researchers from France have called a scam that saw thieves embed two chips in a payment card to carry out a man-in-the-middle attack "the most sophisticated smart card fraud encountered to date".

In 2011 and 2012, five French citizens were arrested in connection with a fraud in which they spent around EUR600,000 across 7000 transactions using 40 modified, stolen chip and PIN credit cards.

In a new paper investigating the case, researchers from École Normale Supérieure as well as the Centre Microélectronique de Provence analyse how the fraud was pulled off.

Examining the cards, the researchers found that they contained two chips wired top-to-tail. The first chip came from a genuine stolen card; the second was a "spoof" that played the role of a man-in-the-middle, communicating with POS terminals.

At the checkout, POS terminals would communicate, as is normal, with the chip to ask whether the PIN entered by the crooks was correct. However, the spoof chip could preempt the real one and answer in the affirmative, regardless of what PIN had been entered.

EMVCo, the card scheme-owned consortium that manages the EMV standard, says the vulnerabilities that enabled the hack have now been fixed.

Comments (13)

Diarmuid Murphy - Somewhere - Somewhere | 21 October, 2015, 09:26

Would standard crypto verification not prevent this?

Jonathan Rosenne - QSM Programming Ltd. - Tel Aviv | 21 October, 2015, 09:58

Today the signature of the transaction would indicate that the PIN was not verified if the card was properly configured.

But this does support the US decision to use EMV without PIN.

Matt Scott - NCR Corporation - London | 21 October, 2015, 11:01

@Jonathan: no, this does not explain why the US did not opt to use PIN. This attack is only possible using Offline PIN (ICC verifies PIN with an Offline PIN Block stored in secure memory). I will assume the attack vector uses the same approach as the original Cambridge MITM attack - and authorises with the ICC as Chip and Signature - whereas the POS believes it was PIN Authorised. If Online PIN was used - unless the PIN was exposed to the Fraudsters - this attack vector would not work.

Jonathan Rosenne - QSM Programming Ltd. - Tel Aviv | 21 October, 2015, 13:29

@Matt: Exactly, with online PIN it would not work. But using the PIN exposes it to many other attacks, and it is not worth it.

Matt Scott - NCR Corporation - London | 21 October, 2015, 15:18

I'm not sure what your point is? PINs can be compromised - so can Fingerprint Biometrics etc etc. Online PIN is a better approach than Offline PIN but does increase Cryptographic processing in the transaction flow and key management for terminal estates. America would still be better off using EMV with Online PIN versus EMV and Signature (as I understand US Debit Cards currently use Online PIN already).

Jonathan Rosenne - QSM Programming Ltd. - Tel Aviv | 21 October, 2015, 15:54

@Matt: I am saying that the US is better off with EMV and Signature, because in the risk analysis the benefits of using the PIN are less than the risk in exposing it.

Matt Scott - NCR Corporation - London | 21 October, 2015, 16:05

We leave our fingerprints everywhere - would you feel safer using a fingerprint? Maybe we should have signature pads on ATMs? We can dress this up a number of ways but the sad fact is that it's all down to interchange income rather than a technical or security argument. If you want to debate the effectiveness of Chip and PIN I suggest looking at fraud statistics before, after and during rollout. The problem area is CNP - and there are ways to lock that down too but the cost to implement outweighs the potential losses. It's all down to economics.

Trevor Jenkins - Maylands Consulting Ltd - Ilkley | 21 October, 2015, 19:04

The second chip passed through the EMV commands and data between the terminal and the genuine chip, apart from the command to the chip to verify the PIN. The terminal generated the VERIFY command correctly but the second chip intercepted this command without forwarding it to the genuine chip. The second chip automatically responded with SW1 SW2='9000', whatever PIN was entered, to advise the terminal that PIN verification was successful. The PIN was not exposed in the fraud.

This attack would not be successful in an online environment where the PIN is verified by the issuer.  It would not be successful with Combined Data Authentication (CDA) cards and one would hope that US issuers are not sending out Static Data Authentication (SDA) cards.

If these had been Chip and Signature cards, the fraudsters would not have had to go to all the trouble of transplanting chips from one card to another and attaching second chips.  They could have simply used the stolen cards and signed for the transactions confident that the signature would not be checked thoroughly by the retailer.

Steven Murdoch - University College London - London | 22 October, 2015, 17:02

Yes, it was exploiting the same vulnerability as the original no-PIN attack. However, there was an interesting twist: they also modified the application transaction counter (ATC) to make it seem as if the card had done fewer transactions than it really had. This, along with the fact that the cards were stolen in France and used in Belgium, made it more likely for the transaction to be offline and so kept the fraud working even after the genuine card had been reported stolen. I posted more details here: https://www.benthamsgaze.org/2015/10/14/just-how-sophisticated-will-card-fraud-techniques-become/

Peter Robinson - Liberti Consulting - Northampton | 22 October, 2015, 17:31

I'm confused!

@Trevor stated "This attack would not be successful in an online environment where the PIN is verified by the issuer. It would not be successful with Combined Data Authentication (CDA) cards and one would hope that US issuers are not sending out Static Data Authentication (SDA) cards." yet as far as I'm aware Belgium (if that's where the fraudulent transaction took place) uses online PIN, so if @Trevor is correct how did this happen? I'm not overly familiar with the technical detail but I thought that if the chip sought to go online but was unsuccessful, then a decline response would be given? Would this fraud have been easier in the UK where offline PIN is used?

Steven Murdoch - University College London - London | 22 October, 2015, 17:37

@Peter When I've used my UK credit card in Belgian PoS terminals, I'm confident offline PIN and online authorisation was used because the PIN verification response was instantaneous but the transaction authorisation took a few seconds. I don't know the relative proportions of different transaction types, but offline PIN is almost certainly possible and is listed as the preferred option on the CVM list of UK cards I looked at. Even if only some terminals support offline PIN, criminals would have targeted them (they already would have had to identify terminals with a non-zero floor limit).

Matt Scott - NCR Corporation - London | 22 October, 2015, 17:39

The French Issuer probably supported Offline PIN - it's a case of what the Card and the Terminal can mutually support. If the Card can authorise offline (with floor limit and velocity) then it does create the potential for undesirable situations - when the advice, providing the CVM Result and TVR, is pushed online you can easily identify a discrepancy between what the ICC thinks it processed vs what the terminal thinks it processed. Floor limit of zero is the way forward...
A Finextra member | 23 October, 2015, 21:25
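The bypass Trevor Jenkins describes (VERIFY swallowed, '9000' returned), the ATC twist Steven Murdoch mentions and the issuer-side ICC-versus-terminal discrepancy check Matt Scott points to, as an added simulation that is not code from the article, the researchers' paper or any card scheme. The status words, tag names and CVM codes are the real ISO 7816/EMV values; the one-byte CVR flag, the HMAC-SHA256 cryptogram over a constructed key and the ATC handling are a simplified constructed model, not real EMV byte layouts or keys.

```python
import hmac, hashlib
from dataclasses import dataclass

SW_OK = 0x9000                   # ISO 7816 status word SW1 SW2 = '9000': success
SW_WRONG_PIN = 0x63C2            # wrong PIN, 2 tries left
CVM_PLAINTEXT_PIN_BY_ICC = 0x01  # CVM code for offline plaintext PIN (EMV CVM list)
CVM_RESULT_OK, CVM_RESULT_FAILED = 0x02, 0x01  # CVM Results (tag 9F34) byte 3

@dataclass
class GenuineCard:
    pin: str
    atc: int = 1000                       # Application Transaction Counter
    pin_verified: bool = False
    key: bytes = b"constructed-demo-key"  # placeholder; a real card uses a derived DES/AES key

    def verify(self, pin):
        self.pin_verified = (pin == self.pin)
        return SW_OK if self.pin_verified else SW_WRONG_PIN

    def generate_ac(self):
        """ARQC over the card's OWN view: ATC + 'offline PIN performed' flag (simplified CVR, cf. tag 9F10)."""
        self.atc += 1
        data = self.atc.to_bytes(2, "big") + bytes([1 if self.pin_verified else 0])
        return data + hmac.new(self.key, data, hashlib.sha256).digest()[:8]

class SpoofChip:
    """Man-in-the-middle chip: swallows VERIFY and answers 9000, relays everything else."""
    def __init__(self, real): self.real = real
    def verify(self, pin): return SW_OK          # genuine chip never sees the PIN
    def generate_ac(self): return self.real.generate_ac()

def terminal_transaction(chip, pin):
    """Terminal performs offline PIN then requests an ARQC; returns what reaches the issuer."""
    sw = chip.verify(pin)
    result = CVM_RESULT_OK if sw == SW_OK else CVM_RESULT_FAILED
    cvm_results = bytes([CVM_PLAINTEXT_PIN_BY_ICC, 0x00, result])
    return cvm_results, chip.generate_ac()

def issuer_check(key, cvm_results, arqc, last_atc):
    """Verify the MAC, compare the terminal's CVM claim with the card's own flag, and require the (MACed) ATC to move forward."""
    data, mac = arqc[:3], arqc[3:]
    if not hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest()[:8], mac):
        return ["cryptogram does not verify"]
    atc, card_did_pin = int.from_bytes(data[:2], "big"), data[2] == 1
    reasons = []
    if cvm_results[0] == CVM_PLAINTEXT_PIN_BY_ICC and cvm_results[2] == CVM_RESULT_OK and not card_did_pin:
        reasons.append("terminal reports offline PIN OK but card never verified a PIN")
    if atc <= last_atc:
        reasons.append("ATC did not increase")
    return reasons
```

With a genuine card and the correct PIN the check returns an empty list; behind the spoof chip the terminal's CVM Results claim a successful offline PIN while the card's own flag in the cryptogram says no VERIFY ever reached it.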

Reference the article by Andy Greenberg in Wired: http://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/

Visa, MasterCard, and the others involved in EMV should have listened to Steven J. Murdoch, Saar Drimer, Ross Anderson, and Mike Bond - five years ago.
https://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf

I think fast Elliptic Curve Crypto (like Curve25519) and today's capable microchips would let us do cryptographically strong public-key based authentication.

EMV is a broken protocol. I wonder if a correctly strong protocol wasn't possible with the technology when EMV was first developed.

It's useful to quote the final paragraph: "we have discussed ways in which this vulnerability may be fixed by issuer banks, while maintaining backwards compatibility with existing systems. However, it is clear that the EMV framework is seriously flawed. Rather than leaving its member banks to patch each successive vulnerability, the EMV consortium must start planning a redesign and an orderly migration to the next version. In the meantime, the EMV protocol should be considered broken. We recommend that the Federal Reserve should resist pressure from banks to allow its deployment in the USA until it is fixed."
