In my last post I discussed the statistics surrounding the adoption of Chip and PIN. In this post I want to go back and discuss the issues from my old post regarding security risks regarding Chip and PIN.
In my original post I discussed a number of shortcomings regarding EMV. A lot of those issues were taken from old sources as well as some that were questionable. I apologize for the misleading information in some cases.
However, the reason I included a number of these old issues was that they still can be an issue to the EMV card as not every financial institution has necessarily converted their entire card base to newer EMV standards.
I know this to be true because one of my clients manufactures EMV cards and they continue to produce cards to older standards.
EMV, like any other security method, is not perfect. So what are the viable issues? Here is my take on the security issues for EMV.
At the IEEE conference in February 2010 a number of researchers from the University of Cambridge presented a paper on a man-in-the-middle attack where they used somewhat expensive equipment to build hardware and software that essentially intercepted the communications between the EMV card and the terminal to fool both into believing that a transaction has been properly completed.
After this paper was presented there was a flurry of newspaper articles about the problem hyping it as the reason why EMV is a “false prophet.” A few days later, a number of articles came out dismissing the research as bunk because of the expense and complexity of the equipment.
However, the flaw that these researchers found is more exploitable than most people think. Terminals are more sophisticated that most people give them credit. Today’s terminals are not the “dumb” devices of yesteryear. Today’s terminals are like netbooks in disguise and run embedded Linux or Windows.
Vendors provide software development kits with these new generation terminals for the development of sophisticated solutions for processing credit cards, giving loyalty rewards and other merchant friendly purposes. And after four years, it appears that the PCI SSC has recognized the threat from these new terminals and is modifying the PA-DSS to include them in the certification process.
I have personally been involved with a client that had their terminals tampered with by a gang to store cardholder data on USB drives embedded in the terminals. These terminals were swapped for legitimate terminals by gang members posing as the night cleaning or the stock crew.
Then there is the Hannaford breach. While we know that it was malware installed on the POS servers at each store, there has never been an official explanation given as to how the malware got on those servers. Most people just assumed that the hackers somehow compromised Hannaford’s network and placed it on all of their servers.
But the rumor I heard was that the Hannaford breach was the result of tampering with their master ghost image for their POS server. Hannaford had updated their POS hardware and software as part of their PCI remediation efforts (how is that for a real piece of irony) and had hired a third party to provide the additional resources necessary to ghost the new servers.
The bottom line is that there is ample evidence that data gathering at the source is a real threat. Given the sophistication of terminals these days and the likelihood that they and POS software can readily be tampered with, the ability for a successful man-in-the-middle attack is higher than most people believe or want to believe.
As a result, it is not too far fetched that tampered with terminals or POS software could be created and distributed to unsuspecting merchants by unwitting or unscrupulous vendors and/or resellers.
In May 2010, Lloyds-TSB admitted that a number of their customers had been the victims of card cloning. Apparently, this is not your run-of-the-mill amateur cloning operation, as these cloners are cloning everything and determining the cards’ PIN.
It is not difficult to skim the magnetic stripe on an EMV card as most of them have a stripe so that they can be used in non-EMV situations. Now a lot of you are probably wondering how the bad guys got the cards’ PINs. It is just a simple use of a rainbow table to break the encrypted PIN block.
The problem with the current PIN block encryption specification is that it is published. And though you might think that PIN encryption would be tough to beat, banks usually only change their private keys annually so if you have a card from a target bank, you can figure out the private key by using the information from a known card. As a result, it is not difficult to generate the necessary rainbow table(s) to quickly crack PIN blocks.
Once cloned, the cards are used at ATMs around the world to obtain the victims cash. Why ATMs? Turns out that almost all ATMs, even those in Europe, still rely on a card’s magnetic stripe to conduct withdrawals not the chip.
To add insult to injury, it turns out that Lloyds-TSB’s and most other banks’ fraud detection systems ignore ATM withdrawals. And because ATM transactions from foreign ATMs took anywhere from a week to a month to show up on customers’ statements, it usually was quite a while before the customer contacted the bank to dispute the transactions.
So until EMV is the configuration all over the world, the magnetic stripe is the weak link in the chain.
This is still a problem even with EMV. The bad guys have taken a tip from the long distance telephone scammers of the late 1980s playbook. It was that brief time before today’s truly portable cell phones and people relied on long distance calling cards. I can personally remember at Newark Airport, the terminal had scammers shoulder surfing people as they made calls writing down the calling card numbers as they keyed them into the phones.
What today’s EMV scammer does is electronically shoulder surf at ATMs and merchants and then lifts the victims’ wallet or purse. They then quickly conduct as many fraudulent transactions as possible before the victim can notify their bank of the stolen card.
Granted, this is not a great way to make a living, but properly done, one can make a living. With the new PCI PTS standard, even electronic shoulder surfing the PIN should be more difficult, but not necessarily impossible. And with the prevalence of video monitoring everywhere these days, the chance of obtaining footage containing recordings of people entering their PINs is even greater. So your new targets of hackers may be the DVRs that contain that footage.
Reverse Engineering Attack
This attack is a prime example of why some things should never be published on the Internet for everyone to see.
This is an attack that is developed by a person using their own credit cards as testing devices. Even in today’s economy, banks issue credit cards to almost anyone that applies as long as their credit score is good. Therefore it is not impossible to believe that someone would use their existing credit cards to reverse engineer keys.
First and foremost, all of the documentation is available on-line for anyone to see so the attacker has a readily available instruction manual for reverse engineering the standards. All of the hardware and software development kits are readily available and in some cases can be obtained for little or no cost from vendors or through eBay.
If you think this is far fetched, remember that at this year’s Black Hat a guy explained how he learned to hack ATMs by buying them through eBay and other sources. As I discussed earlier, what makes these attacks possible is that the private keys the banks use in their encryption do not change very often.
At most they change once per year, possibly even less than that. As a result, anyone that desires can use off-the-shelf software to monitor the network and capture the traffic when the card authenticates. From that traffic, the private key can be determined and then any card from a particular bank can then be easily cloned.
I am sure there are other attack vectors waiting to be discovered by some ingenious attacker. I only wish I had the free time to look into this topic further, but that is for the attackers who have such free time. But this is not to say that EMV would not bring something to the security table.
However, the bottom line is that there are risks with EMV and it is not the panacea that its proponents like to portray. It has known and unknown flaws just like any other piece of technology. So, let us all admit that fact and move forward.
UPDATE: Here are some more links to other information regarding issues with Chip and PIN and explanations of the above threats.
Cross-posted from PCI Guru