Cards are OK, but is Chip & PIN OK ?

A significant part of my job is to evaluate the security of smart cards, in particular in the banking sector. The level of security achieved in today’s card is definitely quite good, and getting a PIN out of a banking smart card remains a very difficult task. Nevertheless, the latest paper of Cambridge’s research lab describes a nice attack on Chip & PIN.

Their attack does not even try to attack the card directly: the card is not the weakest link. Instead, they are attacking the terminal. Their attack is base on the use of a fake terminal that actually relays a financial transaction to a fake card, while displaying entirely unrelated information.

There are here two weak points that are exploited:

  • A “bad” vendor must be possible to use a fake terminal.
  • A “bad” customer must be able to use a fake card.

The first weak point causes no trouble at all. There is an incredibly large number of EMV terminal models, and there is no way to recognize a genuine one from a fake one. These terminals are supposed to be tamper-evident/resistant, but this usually means that the chipset is destroyed when the device is opened, and that it is difficult to put the screws back in. For somebody who wants to completely replace the inside of the terminal, these countermeasures simply don’t work.

The second point is more delicate, as it may be difficult to build a fake card that is realistic enough. Systems like those used in many stores, in which the customer puts the card in the reader and then enters a PIN, make things easier, but the risk of detection remains high.

The authors also define several possible countermeasures, including the use of the cardholder’s mobile phone in the payment application. Of course, this only works if it also includes a part of the payment terminal’s functionality. And this of course means that the mobile phone must be really well secured. The main advantage here is that the attack described in the paper assumes that the cardholder is a victim, so it is unlikely that the victim will (at least willfully) hack its own cell phone. On the other hand, this could become a strong use case for malware developers, making cell phone an interesting target.

Finally, the principle of the attack is very interesting, especially as it has not been described in the most favorable setting. With more and more contactless and wireless cards and networks and phones and anything, it may become far easier to connnect a lot of devices in unexpected ways, and to build this kind of attack schemes.

3 Comments

  • Why describe this as a “nice” attack? It’s complete nonsense and nothing remotely like it would ever have a chance of performing a fraud in the real world. Those so-called researchers at Cambridge are just publicity-hungry geeks who should spend their research budgets on something of benefit instead of cheap stunts like this.

  • Just like you, I don’t believe that the attack is feasible exactly as it is presented. However, it is nevertheless interesting for at least two reasons.

    First, banking terminals can be fake, and this opens many other attacks. Then, card-like payment is being deployed in many new ways, like contactless payment and mobile payment, and similar may be easier in such settings.

    More generally about the Cambridge guys, they are indeed publicity-hungry geeks. They may not be the best security researchers either, but their cheap stunts are useful to remind us about security.

  • marcelo rodrigues wrote:

    I guess if some expert programm a javaCard and install an EMV Fake Applet on it which could have been stolen from a “real” card (SDA), this migth work.
    So card skimming should not be so difficult as they say, I mean, you only need a smart reader and some java cards.

Leave a Reply

Your email is never shared.Required fields are marked *