This sounds interesting, and I will be listening to the show (maybe not live, but I will definitely get the podcast). I listened many times to France Culture’s science shows, and they are usually serious and interesting. Of course, the question (in English, how to enhance the security of bank cards?) is already a bit aggressive, and I am sure that some people would even challenge that question, claiming that there isn’t much to be enhanced. Well, we’ll see on Friday.

Most of us, who don’t know the EMV specs by heart, would believe that the PIN authentication is part of the card applet’s state machine. After all, Chip and PIN seem to be very tightly connected to each other. Well, it isn’t the case, and PIN verification is just something that may happen, or not. So, the discrepancy can go unnoticed.

When looking at the EMV protocol in greater details, like they do in the article, we notice that the information is actually present, but that we are missing a method to consolidate the various bits of information. Some items are optional, while some others (the IAD) use proprietary formats, and are not intended to be parsed on the terminal. Basically, there are solutions to counter the attack, but they are not obvious to implement. If you want all the technial details, refer to the full paper.

Now, what does this attack tell us about the EMV Protocol? Well, it has a vulnerability, like many (all?) other security protocols, at least in the way it is most often implemented in practice. It’s a rather big one, too, which shows that smart card protocols most likely get less interest than others. It also shows that simple is not only beautiful, but also secure, or at least that the complexity of systems like EMV, with all its options, is becoming a real security issue.

Then, another issue is that the ability to perform over-the-air software updates to fix vulnerabilities is becoming standard, on computers, on phones, and even on some TVs and soud systems, provided that they are connected to Internet. Well, such things remain hard to do on payment terminals, and also on smart cards, even though th security of these devices is critical. Can we really expect card operating systems to become more complex if we aren’t able to maintain them over their lifetime? Probably not, and that transition is going to be tough.

Another thing that this attack reminds us of is that smart cards are just another security measure, which cannot be perfect. The paper contains the usual attacks against UK banks who, according to the authors, make customers liable as soon as PIN authentication is used on a bad transaction. Here, the problem is not the technology, it is the system around it. Magstripe technology is far more broken, but if the insurance provided by US banks is better, then the consequence is that the customer, in the end, is better off with the lower security, because their insurance provided by their banks is better.

About PIN security itself, it is in fact very easy to guess the number typed by a person on a keypad, even without seeing the keypad. You can make the experience in any European supermarket line: simply try to guess the PIN typed by the people in front of you. You will notice that in many cases, you have the feeling that you got a lot of information about that PIN. Add to that the fact that you are far from being a trained professional, and you can get an idea of the problem: protecting a PIN is difficult. As far as I know, in France, where Chip and PIN has been the rule for many years, it is not too hard to avoid liability even if our PIN has been disclosed. The PIN is not a miracle, and it cannot solve all problems.

Finally, a positive note. We are getting quite a lot of attacks on smart cards these days. The program of Cardis 2010 includes 6 papers on attacks, and the published state-of-the-art is getting closer to the laboratories’ state-of-the-art. Some might say that this is dangerous for cards, but some others will say that this is actually a positive evolution, moving away from the “smart cards are secure” dogma into a “smart card can help build good security models” logic. And if we use that logic to build business models that ultimately benefit final customers, then all of this will have been a step in the right direction.

There are a few exceptions to that rule. If you are lucky enough to be in a place that accepts American Express, these cards will be accepted even if they don’t have a chip (this is quite natural, since even those issued in Europe have no chip). But in many cases, you may well be really out of luck. Consider the subway example, for instance. In many places, it is becoming common to close all tellers at late hours, only to leave automated machines. And if you can’t get them to work, well, things may get ugly.

Things are only going to get worse, and apparently, some American companies have understood that. According to the NYTimes, Travelex is getting ready to issue prepaid smart cards for its customers in a bout a year from now. That means that, in a while, we should see American tourists with smart cards. And if it works, we are quite likely to start seeing American businessmen with smart cards as well, as corporate cards for international travellers will start having them as well.

Good news for smart cards? Not necessarily. If we consider that only 20% of all Americans have a passport, this also caps the number of Americans with that specific need. Most likely not the killer reason for American banks to switch to smart cards, which are still considered too expensive to manage.

• You need to provide a 3/4 digit security code that is written on your card, and that is some kind of digital signature of the card number and expiration date.
• Your goods need to be delivered, which will undoubtedly lead you to major trouble, especially if you repeat your scam several times.

Well, things aren’t that simple. A gang presented as two countryside housewives has managed to steal around 200,000€ worth of goods before to get caught (here is an article about this, in French). The interesting part is how easy it has been to circumvent the complex security measures organized by online sites:

• First, avoid an immediate check of your credit card data, by buying items that are not too expensive, and by selecting options like “Pay in three easy installments” that will trigger a more complex, but less immediate procedure.
• Then, use slight variations of your name and address for the delivery. The idea is to ensure that computers will not match “John Doe” with “Jon Doh”, but that the postman will perform the same match successfully, and deliver the package.

I really love this scam, because it is so low tech. We design sophisticated countermeasures with ultra-secure smart cards, and we end up defeated by typos in names. According to the article, the victims are working on fixing the problem, but this is another endless quest: approximate matching is not that easy, and they will soon discover the joys of false positives. Good luck!

In the example they insist on, they focus on man-in-the-browser attacks, in which an attacker modifies within the browser itself (after successful authentication) the parameters of a money transfer in order to transfer more money, of course to his own account. With the ZTIC device, the user can review the actual amount and approve it (or not). According to the Wikipedia page above, this looks like the right thing to do for such attacks:

One of the most effective methods in combating a MitB attack is through an Out-of-Band (OOB) Transaction verification process. This overcomes the MitB Trojan by verifying the transaction details, as received by the host (bank), to the user (customer) over a channel other than the browser; typically an automated telephone call.

But then, the next sentence in Wikipedia is not that optimistic for the ZTIC:

OOB Transaction Verification is ideal for mass market use since it leverages devices already in the public domain (e.g. Landline, Cell Phone, etc) and requires no additional hardware devices …

So, is this device really useful?

Using hardware for securing banking transactions is not necessarily a bad idea. There are quite a number of one-time password (OTP) generators, and CAP readers are being popular as well.

However, as Wikipedia mentions, it is also possible to do without any specific hardware, leveraging for instance your existing landline or cellphone. On top of it, these devices are often more flexible, and can perform more operations.

Let’s consider the IBM device, and see what it does:

• It displays an amount that comes directly from the bank’s server.
• It allows the end-user to accept or refuse the transaction, and transmits directly this response to the bank’s server.
• It does so in an out-of-ban manner. Actually, the end-to-end security is a strong requirement in their case, but mostly because the communication goes through the very PC that may be infected by some malware

The exact same thing can be done in many ways, even with low tech:

• By voice: “You just requested a money transfer of 20,000€ to some Russian bank. Press 1 to confirm, and 2 to cancel”
• By SMS: “You just requested a money transfer of 20,000€ to some Russian bank. Enter 574567 in your browser to confirm the transaction”

I can of course go more high-tech, with a sleek mobile application that handles the incoming SMS and displays it in a fancy way, but still, this is basically the same. In terms of security, is it very different from the ZTIC? Well, no. The communication may not be encrypted, but this has little influence on the global security level. The security measure in an out-of-band confirmation is the very fact that it is out-of-band, using a phone call/SMS directly from the bank’s server, to a number that only the server knows.

The other issue for this device is that it is specialized, and quite limited. In particular, it lacks an input device that would allow it to perform some kind of authentication in addition to the out-of-band countermeasure. That would definitely increase its potential use, but as it is, I don’t really see the advantage for a bank.

Let me conclude in an usually selfish way:

• First, I must admit that I am a bit biased, since I work for a company that sells security middleware for mobile phones. On the other hand, I truly adhere to our “Where open meets secure” motto, which engages us to use the same devices for many things, including security.
• Then, I try to promote Java Card 3.0, and I have noticed that the ZTIC device is supposed to contain a card reader. Well, if this card reader can handle a Java Card 3.0 card and open a SSL transaction to such a card, I am sure that I will be able to find some applications that can make good use of the “secure” display on the ZTIC. Please, just add a few keys so that I can make it a full secure UI, and I will be happy.

The idea is here to hack the HSM’s (Hardware Security Module) through which the PIN code transits. I am not an expert, but by reading the article, it seems that the PIN is first encrypted with a key from the ATM’s owner; then, it gets to an HSM in which it is decrypted and reencrypted with an interchange key. At some point, it gets to the cardholder’s bank’s HSM, where it is finally decrypted and compared to the actual PIN. This sounds quite amazing, since all of this goes very fast. But the main point is not here in the complexity of the process: it is on the HSM’s. Of course, these specialized computers are highly secure, with a lot of security precautions and all. I have worked on some of these things, and they sure look a lot like big smart cards, complete with a bunch of security features.

So, how can it fail?

Like usual, through sloppy programming and administration. If an HSM is poorly configured, if its “root” access keys are not well protected, if the development of the applications is outsourced without proper control, then there is a significant risk that hackers will be able to get in these systems. And since the incentives for hackers are very high (having card data is interesting, having card data together with the associated PIN code is much more interesting), I would not be surprised if this happened.

Of course, the solution that I will propose is the same as usual: stay local. Your secrets are better protected if they stay with you at all times. In a smart card transaction, the PIN code is verified directly on the card. The bank’s servers only verify the cryptogram provided by the card (after you present the proper PIN code). There are plenty of other solutions in which your PIN code does not travel through a maze of potentially unsure computers, including the CAP readers that I mentioned recently. As far as I know, as of today, even your mobile phone is quite a safe place (unless of course, it is one of these Symbian phones that somehow seem to get all the attacks of the world). At least, it is under your control, so you have a chance to notice if it is being hacked.

This approach is interesting, because it makes it harder to use forged cards in face-to-face transactions. In this particular context, it reduces the differentiation of smart cards. Nevertheless, such approaches are interesting for security, at least to remind the smart card industry that their solutions are costly, and that there may be other ways to decrease the risk associated to payment (or any other application).

Card theft

This first argument is a good one. Having a portable PIN-checking device is good news for muggers, who will now be able to check their victim’s PIN code from the comfort of their (victim’s) own home. As the authors mention, it would have been much better to let the user know about the “Wrong PIN” issue only after validating an online authentication or purchase, as it would have made it more difficult for muggers to get their information.

The bad news is that the readers are out now, and that muggers can freely get their hands on one, or they can order one from Internet.

The argument about wearing of the reader’s keys doesn’t seem as good. Keys take a lot of abuse before wearing, and a CAP reader is not a device that one will use 10 times a day every day. In practie, I am not sure that this vulnerability is really significant (this can be tested, though).

Software implementation

The CAP application can be implemented on pure software using publicly available documents. This is true, but this threat sounds much less significant to me. Because EMV is protected by copyright and other means, “official” software vendors are quite unlikely to include a piece of software that banks and payment associations don’t want to see. Of course, anybody with some smart card experience could write a program that emulates the CAP reader, but who would be stupid enough to give his PIN to a program written by an unknown developer. In addition, smart cards always faced the problem that PCs aren’t equipped with readers, and I believe that this is still very common today.

Middleperson attacks

Attacks based on a tampered-with terminal definitely can work, but they are very hard to industrialize, because payment networks have become quite good at identifying the source of a card fraud (i.e., the vendor that has been used by several cards before a given attack). This severely limits the exploitation of this vulnerability.

Supply-chain infiltration

Like the previous one, this attack is real, but difficult to implement. The attack requires the attacker to sell modified CAP readers, which are then returned because they are designed to stop working (after recording your card information and PIN code, naturally). How many modified CAP readers can a thief sell on eBay before getting caught? Most likely, not much. In addition, the logistics is quite complicated.

The other idea consists in fitting a GSM module (with a SIM card) in the CAP reader. This vulnerability does not make any economic sense, because a CAP reader is intended for personal use, and the price of a GSM module (with some kind of a subscription) is likely to be greater than the price of buying the card information on the black market.

Social engineering

This one is really nice, and a beautiful extension to traditional phishing. Once a victim responds to a phishing e-mail, the next communication will consist in asking for some use of the reader, in order to authorize the transaction. This is of course quite natural; if somebody falls for phishing, this same person will keep going through the authentication process, almost regardless of the process.

I believe that this actually is a weakness of these devices. With a slightly larger screen, it would be possible to display a more detailed message, and therefore to reduce the likelihood of phishing.

Protocol weaknesses

These weaknesses seem to be specific to the use of the readers by the banks. All the weaknesses mentioned in the paper are quite trivial, and seem to result from the fact that banks have not been adequately trained about the use of the devices. Hopefully, this will get fixed in the near future.

To conclude on these vulnerabilities, I believe that they are not that easy to exploit, except by muggers (but, as I mentioned, it is too late to stop the muggers now, as they already have bought their CAP reader).

On the other hand, CAP readers are a good security measure, which can make online banking and payment safer. Their exploitation is only starting, and we can hope that it will improve in the coming years. In addition, other two-factor authentication means are becoming available, for instance using mobile phones, which will bring more diversity and hopefully more security to this field.

OK. But let’s try to analyze this a bit deeper.

First, the attack:

• It relies on cloning. A good point for smart cards, which claim to be more difficult to clone.
• It can interest organized crime. We are talking millions here. If this can be repeated, it is a strong point in favor of good security, because the attackers can invest a few thousand dollars in breaking the card.

Again, I told you so! But I also need to bring up a few not so strong points:

• No authentication issues. Apparently, in these attacks, the attackers know the PIN code, either because they own the original card, or because they stole the PIN code with the card (not that hard, try it while waiting in supermarket of money dispenser lanes).
• A key part of the attack consists in hacking a server somewhere, to make a system believe that a card has no limit (or a very high limit). No card involved here, so no good point for a smart card.

Of course, I will now tell you that these arguments don’t hold.

• Smart card PIN authentication also authenticates the card. When performing an EMV transaction, the PIN is verified by the card, and that fact allows a cryptogram to be generated. When the payment terminal or server verifies its cryptogram, it will know that the user has been authenticated and the original card has been used. That links authentication to cloning, which is good for our case.
• About servers, there is nothing to say. There are so many breaches in all kinds of servers worldwide that nobody would rely solely on servers for reaching a good level of security.

So, I can now safely conclude that this attack would not work without actually cloning the card, which means that smart cards are better than magstripe, because they are in all cases harder to clone (even on cards with very poor security, there is no command to get the value of the secret; some kind of attack is required to get it). In addition, since the potential revenue is important, such schemes may interest organized crime, which means that they should be able to get the secrets out of at least the weakest available cards.

That leads us to the bleak side of things. A typical smart card in use today has been issued in 2007, by a bank who selected a platform vendor in 2005 after one year of negotiation with a card certified in 2003. And since 2003, a lot of attacks have been invented, and I am quite convinced that at least most CC-approved labs would be able to break these cards.

As a conclusion, I would say that smart cards are a good defense against these attacks, because they significantly raise the cost of preparing for the attack. However, I have no clue of the amount of money that it would cost to break a typical card used today, and this may still be very accessible to your typical mafia guy.