Chip 'n pin - insecure?

formatting link
Comments?

Reply to
robotiser

I think the program either botched the demonstration OR was demonstrating a load of crap.

What I understood them to be doing was using a doctored m/c to collect the pin and then sending said pin by wireless to a colleague next door who bought some books with a fake card.

SO, the way I understand it was they must have ALREADY made a copy of the card, ok been done before. Or maybe they were grabbing the card details and making one up on the fly, so what.

The grabbing the pin bit - so you make a lookalike box with the relevant buttons on it and just save which ones are pressed - you've got the pin - then just print a transaction report and the customer is happy and walks away.

What I don't see is the wireless transmitting bit and doing it there and then. Once you have (fake) card and pin you can use it anytime anyplace.

Reply to
Zed

At 11:48:30 on 07/02/2007, snipped-for-privacy@googlemail.com delighted uk.finance by announcing:

There is no completely secure way to exchange goods or services. Once we understand that, it's all about the relative risks.

This particular fraud, once identified, leaves little doubt as to who the culprit is. The customer will have a receipt with the merchant details and the time and date of their transaction which doesn't match the details of the transaction (with the same time and date) that the CC company has. It just remains to identify who was operating the terminal at that merchant, at that time.

Tracing the accomplice, of course, requires either a confession or identification from the second merchant.

I'm not sure of the exact method used to present the cardholder's details to the genuine machine, but it's also possible that this type of fraud (along with many of the others that Cambridge have come up with) will be eliminated when DDA cards are issued.

Reply to
Alex

They had to do the wireless bit because they didn't clone the card, all they did was build a wireless extension to the card.

When the second machine interrogated what it thought was a real card the commands were just being relayed back to the real card via the wireless link.

They didn't show that the fake 'card' had wires running from it and up the guy's arm to the wireless kit in his backpack.

Lastly they had to watch what the real card holder entered as his pin and call the 'fraudster' to tell him so he could enter it.

It was a very misleading demonstration by watchdog, for a better explanation see:

formatting link

Reply to
Peter King

At 12:37:07 on 07/02/2007, Peter King delighted uk.finance by announcing:

Reply to
Alex

The attack is detailed here:

formatting link
In essence, the cardholder thinks they're paying for a meal in BigBurgers for 20 quid when actually their card is used for a 2000 quid transaction at DiamondsRUs. The only thing that would alert them to the transaction not being correct is the display on the terminal when they enter their pin. But here the BigBurgers terminal has been tampered with, so it can display whatever the bad guys want.

On their statement will be the DiamondsRUs transaction instead of BigBurgers, so the customer will have to remember that they made a transaction that wasn't listed. Note that the CC receipt is also under control of the bad guys, who could alter what's printed on the receipt to make it less likely they're detected (different transaction ID or time, say).

Also note that the demo used a card with wires attached, for ease of hacking up a demo. There's no reason why a wireless card couldn't be made, controlled from a pocket PC in the accomplice's jacket.

It's essentially the same as an invisible long piece of wire between the card and the real terminal. The display would check it if the display could be trusted, but the demo shows that it cannot. The only trusted display is one the customer carries, such as one on the card.

Theo

Reply to
Theo Markettos
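The "invisible long piece of wire" Theo describes, as an added toy simulation (not code from the thread or from the Cambridge paper): a genuine card MACs whatever merchant and amount it is actually asked to approve, a fake card simply relays those commands to it, and the tampered terminal shows the holder something else. The HMAC "cryptogram", the placeholder key and the merchant names are constructed for the demo; the point it makes is the one in the post: the issuer's check passes, and only a display the card itself drives would reveal the mismatch.

```python
import hashlib
import hmac

# Constructed placeholder key shared between the card and its issuer (not a real key).
CARD_KEY = b"constructed-demo-card-key"


class Card:
    """Genuine chip card: it MACs whatever transaction it is actually asked to approve.

    `display_log` records what a trusted on-card display would have shown the holder.
    """

    def __init__(self, key):
        self._key = key
        self.display_log = []

    def generate_cryptogram(self, merchant, amount_pence):
        self.display_log.append((merchant, amount_pence))
        msg = f"{merchant}|{amount_pence}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class RelayCard:
    """Accomplice's fake card: forwards every command over a link to the genuine card."""

    def __init__(self, link_to_real_card):
        self._link = link_to_real_card

    def generate_cryptogram(self, merchant, amount_pence):
        return self._link(merchant, amount_pence)


def terminal_transaction(merchant, amount_pence, card):
    """Genuine terminal: ask whatever is in the slot for a cryptogram over merchant+amount."""
    return {
        "merchant": merchant,
        "amount_pence": amount_pence,
        "cryptogram": card.generate_cryptogram(merchant, amount_pence),
    }


def issuer_accepts(key, tx):
    """Issuer-side check: the cryptogram is valid for the merchant and amount presented."""
    msg = f"{tx['merchant']}|{tx['amount_pence']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tx["cryptogram"])


def run_relay_scenario(key=CARD_KEY):
    """The 20 quid / 2000 quid scenario from the post (amounts in pence)."""
    real_card = Card(key)
    # The tampered BigBurgers terminal shows the holder 20 quid and a PIN prompt,
    # but never asks the card to approve anything itself: the commands the card
    # answers come over the link from the accomplice's fake card at DiamondsRUs.
    shown_to_cardholder = {"merchant": "BigBurgers", "amount_pence": 2000}
    fake_card = RelayCard(real_card.generate_cryptogram)
    recorded = terminal_transaction("DiamondsRUs", 200000, fake_card)
    return {
        "shown": shown_to_cardholder,
        "recorded": recorded,
        "issuer_accepts": issuer_accepts(key, recorded),
        "card_display": real_card.display_log[-1],
    }


def run_honest_scenario(key=CARD_KEY):
    """Same terminal logic with the real card in the slot, for comparison."""
    real_card = Card(key)
    recorded = terminal_transaction("BigBurgers", 2000, real_card)
    return {
        "shown": {"merchant": "BigBurgers", "amount_pence": 2000},
        "recorded": recorded,
        "issuer_accepts": issuer_accepts(key, recorded),
        "card_display": real_card.display_log[-1],
    }


def trusted_display_mismatch(result):
    """The check a card-side display enables: what the card approved vs. what the terminal showed."""
    shown = (result["shown"]["merchant"], result["shown"]["amount_pence"])
    return result["card_display"] != shown


if __name__ == "__main__":
    r = run_relay_scenario()
    print("terminal showed:", r["shown"])
    print("card actually approved:", r["card_display"], "issuer accepts:", r["issuer_accepts"])
    print("trusted display would flag it:", trusted_display_mismatch(r))
```

Nothing in the issuer's verification can tell the two scenarios apart, because the card really did approve the DiamondsRUs amount; the only discrepancy lives between the tampered display and the card's own view of the transaction.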

At 13:55:11 on 07/02/2007, Theo Markettos delighted uk.finance by announcing:

Yes. There are two points you can detect this fraud before it occurs.

  1. Detecting that the first terminal is 'dodgy'. This is practically impossible. The customer will have no way of knowing what it's connected to unless the operator is really stupid.
  2. Detecting the false card. This will range from obvious - wires running from a plain white card which has been handed to the operator - to practically impossible - RFID-enabled lookalike card which never leaves the fraudster's hand.

So, it's practically impossible to detect this before the act. If the customer keeps their receipts it will be more straightforward to show where they used their card at the time. Otherwise, it could well prove troublesome to investigate.

Reply to
Alex

As is pointed out in the paper - one attack that this allows is to steal a card and pin and then immediately use it abroad in C&P transactions.

Prior to this attack demonstration, it would have required physically sending the card abroad, unlike the magstripe attack where the card can be cloned in the remote country from data that can be sent by telephone.

For a relatively low success rate, you don't even need the pin.

Thief steals C&P cards and immediately plugs them into a card reader connected to a 3G wireless enabled laptop. Laptop makes 3 (6?[1]) guesses as to the pin. If it's successful it then immediately contacts a remote accomplice (maybe in another country) to perform cash withdrawals or purchases using C&P. Fraud can continue until customer notices missing card or bank notices suspicious transactions.

Of course, this attack requires something like 3000 (1500) cards stolen for each successful attack but given the potential large returns it might be worth it.

[1] AIUI you get three guesses at a merchant and then three guesses at a cashpoint to unlock the card. The laptop can emulate the merchant and then (maybe[2]?) emulate the cashpoint to unlock the card (Is the card permanently disabled after that and a new card must be supplied or can it be unlocked in which case there's potentially further guessing opportunity?).
[2] Does the card use public key cryptography to authenticate the cashpoint? In which case the second three guesses would require physically visiting a cashpoint which is probably too risky for someone stealing thousands of cards.

Tim.

Reply to
google

At 15:03:30 on 07/02/2007, snipped-for-privacy@woodall.me.uk delighted uk.finance by announcing:

Why bother to go abroad?

The card's talking 'through' the cashpoint, not 'to' it. When you enter the PIN, it's enciphered and sent online to the issuing bank. You'd therefore need to emulate the card issuer (along with its key).

Reply to
Alex

In case/when the card is stopped. I'd suspect that the accomplice using the fake card abroad stands more chance of getting away than if it's tried in this country.

The person who stole the cards is only exposed while actually doing the stealing, the person using the card is exposed every time it's used.

So (I'm guessing, I really ought to look this up but I'm lazy :-) the card sends the pin encrypted with the card's secret to the bank (which also knows the card's secret and pin). Assuming that verifies OK the bank then sends back an unlock code also encrypted with the card's secret that the card can then verify before unlocking.

Therefore any attacker needs to know the secret on the card to unlock it. And recovering the secret, while not theoretically impossible, is sufficiently difficult and expensive that the card will hopefully be spotted as missing and stopped before an attacker can make a profit from this sort of attack.

Tim.

Reply to
google
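Tim's two posts above (the three-guess try counter and the "3000 (1500) cards per success" arithmetic, then the guessed unlock mechanism) as one added toy model; this is not code from the thread and not the real EMV issuer-script flow, it implements the mechanism as Tim guesses it: a counter that blocks the PIN after three wrong offline attempts, and an unblock that the card only honours when the bank proves knowledge of the card's secret over a fresh nonce. The HMAC construction, the placeholder secret and the sample PIN are constructed for the demo.

```python
import hashlib
import hmac
import os

PIN_TRY_LIMIT = 3   # "three guesses" as discussed in the thread
PIN_SPACE = 10_000  # four-digit PINs


class PinBlocked(Exception):
    """Raised once the card's try counter has reached zero."""


class Card:
    """Toy card with an offline PIN try counter and an issuer-authenticated unblock."""

    def __init__(self, secret, pin):
        self._secret = secret  # shared only with the issuing bank
        self._pin = pin
        self.tries_left = PIN_TRY_LIMIT
        self._nonce = None

    def verify_pin(self, guess):
        if self.tries_left == 0:
            raise PinBlocked("PIN try counter exhausted")
        if hmac.compare_digest(guess.encode(), self._pin.encode()):
            self.tries_left = PIN_TRY_LIMIT
            return True
        self.tries_left -= 1
        return False

    def unblock_challenge(self):
        """Fresh nonce, so a captured unblock message cannot simply be replayed."""
        self._nonce = os.urandom(8)
        return self._nonce

    def unblock(self, mac):
        """Reset the counter only if the MAC was made with the card's secret over this nonce."""
        if self._nonce is None:
            return False
        expected = hmac.new(self._secret, b"UNBLOCK|" + self._nonce, hashlib.sha256).digest()
        self._nonce = None  # one attempt per challenge
        if hmac.compare_digest(mac, expected):
            self.tries_left = PIN_TRY_LIMIT
            return True
        return False


def issuer_unblock_mac(card_secret, nonce):
    """What the bank, which knows the card's secret, sends back for a valid request."""
    return hmac.new(card_secret, b"UNBLOCK|" + nonce, hashlib.sha256).digest()


def try_guesses(card, guesses):
    """Offline guessing against one card; the counter stops it after PIN_TRY_LIMIT misses."""
    for g in guesses:
        try:
            if card.verify_pin(g):
                return g
        except PinBlocked:
            break
    return None


def expected_cards_per_success(guesses_per_card, pin_space=PIN_SPACE):
    """With uniformly chosen PINs, stolen cards needed per one successful guess."""
    return pin_space / guesses_per_card


if __name__ == "__main__":
    card = Card(b"constructed-secret", "4821")  # constructed sample card
    print("guessing:", try_guesses(card, ["1234", "0000", "1111"]), "tries left:", card.tries_left)
    nonce = card.unblock_challenge()
    print("forged unblock accepted:", card.unblock(b"\x00" * 32))
    nonce = card.unblock_challenge()
    print("issuer unblock accepted:", card.unblock(issuer_unblock_mac(b"constructed-secret", nonce)))
    print("cards per success, 3 guesses:", expected_cards_per_success(3))
    print("cards per success, 6 guesses:", expected_cards_per_success(6))
```

The arithmetic matches the thread's rough figures: three guesses at a uniformly random four-digit PIN give one success per 10000/3, about 3333 cards, and six give about 1667. The unblock step is where the card's secret matters: without it an attacker can neither forge the MAC nor replay an old one, so the only way past the counter is the bank, which is exactly the point Tim makes.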

That's assuming that the transaction at the shop with the doctored machine went through. And that the machine was connected to the network at the time. They could leave the card in there long enough for the fraud to occur, and then say "oh sorry, our terminal doesn't seem to be working. Do you have cash?" They then give the customer a receipt from a standard till with the timer set 30 minutes into the future. The fraud won't come to light until the statement is sent out. The chance of the customer still having the till receipts at the time the statement arrives is small. Even if they do, the receipt time will be 30 minutes after the fraud occurred, seemingly indicating that the customer was at the shop after the fraud. Not perfect, as the customer might remember the failed transaction, but by then all evidence of the doctored machine would be long gone.

Reply to
robotiser

What if the Jewelers (or wherever the fraudulent purchase is made) is in on it? They could turn a blind eye to whatever wires are dangling around the white card, and allow the purchase to be made. Then, when the scam is detected, they should be indemnified by the card company because their machine validated the card and a correct pin was used. Clearly this couldn't be done too many times (more than once?) at the same Jewelers or it would be too suspicious.

Reply to
robotiser

At 15:48:37 on 07/02/2007, snipped-for-privacy@woodall.me.uk delighted uk.finance by announcing:

That's about it.

Spot on.

Reply to
Alex

At 16:15:44 on 07/02/2007, snipped-for-privacy@googlemail.com delighted uk.finance by announcing:

Well quite.

Reply to
Alex

At 16:10:11 on 07/02/2007, snipped-for-privacy@googlemail.com delighted uk.finance by announcing:

It did, but not through the 'doctored' machine.

That's a different fraud.

Reply to
Alex

It's only a slightly different fraud, and only changed to remove "problems" with the original.

Reply to
robotiser

At 17:18:16 on 07/02/2007, snipped-for-privacy@googlemail.com delighted uk.finance by announcing:

Yes. I didn't read properly the first time. It is, in fact, exactly the same fraud.

Well let's examine it then. The customer has a receipt for a transaction that never took place, whether it was the same time or a different time to the fraudulent transaction.

I don't really see which problem you've removed.

Reply to
Alex

At 17:27:35 on 07/02/2007, Alex delighted uk.finance by announcing:

Except that I still didn't read it properly :-p

So the receipt is for a cash transaction, not a card transaction. We basically end up with the situation I already described whereby "it could well prove troublesome to investigate."

Reply to
Alex

So we agree at last. At least that identifying the culprit shop isn't a no-brainer.

Reply to
robotiser

So is the system safer if they take your pic whilst you're pinning?

Reply to
mogga
