A significant part of my job is to evaluate the security of smart cards, in particular in the banking sector. The level of security achieved in today’s cards is definitely quite good, and getting a PIN out of a banking smart card remains a very difficult task. Nevertheless, the latest paper from Cambridge’s research lab describes a nice attack on Chip & PIN.
Their attack does not even try to attack the card directly: the card is not the weakest link. Instead, they attack the terminal. Their attack is based on the use of a fake terminal that actually relays a financial transaction to a fake card, while displaying entirely unrelated information.
There are two weak points exploited here:
- A “bad” vendor must be able to use a fake terminal.
- A “bad” customer must be able to use a fake card.
The first weak point causes no trouble at all. There is an incredibly large number of EMV terminal models, and there is no way to tell a genuine one from a fake one. These terminals are supposed to be tamper-evident/resistant, but this usually means that the chipset is destroyed when the device is opened, and that it is difficult to put the screws back in. For somebody who wants to completely replace the inside of the terminal, these countermeasures simply don’t work.
The second point is more delicate, as it may be difficult to build a fake card that is realistic enough. Systems like those used in many stores, in which the customer puts the card in the reader and then enters a PIN, make things easier, but the risk of detection remains high.
The authors also describe several possible countermeasures, including the use of the cardholder’s mobile phone in the payment application. Of course, this only works if the phone also takes over part of the payment terminal’s functionality, which in turn means that the mobile phone must be really well secured. The main advantage here is that the attack described in the paper assumes that the cardholder is a victim, so it is unlikely that the victim will (at least willfully) hack their own cell phone. On the other hand, this could become a strong use case for malware developers, making cell phones an interesting target.
Finally, the principle of the attack is very interesting, especially as it has not been described in the most favorable setting. With more and more contactless and wireless cards, networks, phones and other devices, it may become far easier to connect many devices in unexpected ways and to build this kind of attack scheme.