Cambridge team exposes EMV card vulnerabilities

Sep 13, 2012 by Nancy Owano

(Phys.org)—At a cryptography gathering in Leuven, Belgium, on Tuesday, Cambridge University researchers made it known that they do not like what they see in chip and pin systems. Banks rely on customer confidence in their word that chip and pin systems are safe, but the researchers tell quite a different story. Part of the problem has to do with the number generators, which the researchers give a failing grade. Each time a customer is involved in a chip and pin transaction, withdrawing cash or buying goods, a unique unpredictable number is created to authenticate the transaction. The unpredictable number, generated by software, is supposed to be chosen at random. But researchers say the number is highly predictable, because dates or timestamps had been used.

Their paper, "Chip and Skim: Cloning EMV Cards with the Pre-play Attack," presents the troubling details of weaknesses in protocol and random number generation which leave customers in the cold as fraud victims. "EMV" is the name given to the system from its original developers Europay, MasterCard and Visa. The system is also known as chip and pin, and is the leading system for card payments in Europe and much of Asia, and is starting to be used in North America.

EMV cards contain a chip so they can execute an authentication protocol. POS terminals or ATMs generate the unpredictable number for each transaction to ensure it is fresh.

Some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a pre-play attack, say the Cambridge team. The researchers find it shocking that many ATMs and point-of-sale terminals have "seriously defective" random number generators, often "just counters."
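As an added illustration (not code from the article or from the Cambridge paper), the following audit looks for the counter and timestamp structure described above in one terminal's logged unpredictable numbers. It assumes each number is logged as a 32-bit unsigned integer in transaction order; the thresholds and the sample data are constructed for the example.

```python
import secrets
from collections import Counter

UN_BITS = 32            # assumption: each UN is logged as a 32-bit unsigned integer
MASK = (1 << UN_BITS) - 1


def stuck_bits(samples):
    """Count bit positions that hold the same value in every sample."""
    always_one, ever_one = MASK, 0
    for s in samples:
        always_one &= s
        ever_one |= s
    return bin(always_one | (~ever_one & MASK)).count("1")


def audit_uns(samples):
    """Return findings for one terminal's UNs in log order; [] means none."""
    if len(samples) < 16:
        raise ValueError("need at least 16 samples")
    findings = []
    deltas = [(b - a) & MASK for a, b in zip(samples, samples[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    if hits * 2 >= len(deltas):        # illustrative threshold
        findings.append(f"counter-like: step {step} in {hits}/{len(deltas)} pairs")
    elif all(0 < d < 1 << 16 for d in deltas):
        findings.append("clock-like: always increasing by small steps")
    fixed = stuck_bits(samples)
    if fixed >= 8:                     # illustrative threshold
        findings.append(f"{fixed} of {UN_BITS} bits never change")
    return findings


# Constructed samples, not data from the paper or from any real terminal.
def counter_terminal():
    return [0x1000 + i for i in range(64)]

def clock_terminal():
    t, out = 1347494400, []           # seconds-resolution clock
    for i in range(64):
        out.append(t)
        t += 30 + (i * 37) % 200      # irregular gaps between transactions
    return out

def csprng_terminal():
    return [secrets.randbits(UN_BITS) for _ in range(64)]

if __name__ == "__main__":
    for name, fn in [("counter", counter_terminal), ("clock", clock_terminal), ("csprng", csprng_terminal)]:
        print(name, audit_uns(fn()))
```

An empty result only means these two simple patterns were not seen; it does not show that a generator is sound.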

The study authors also point to a key shortcoming at the protocol level where "the party depending upon freshness in the protocol is not the party responsible for generating it." Although the issuing bank is depending on the merchant for transaction freshness, they said, the merchant "may not be incentivised to provide it, may not be able to deliver it correctly due to lack of end-to-end authentication with the issuer, and might even be collusive (directly or indirectly)."

The study team's harshest words are for those banks that "suppress information about known vulnerabilities, with the result that fraud victims continue to be denied refunds." The researchers argue that it is unfair when any customer who complains of fraud may be told by the bank that, since EMVs are secure, the victim is mistaken "or lying when they dispute card transactions." And yet, said the study, "again and again, the banks have turned out to be wrong."

One vulnerability after another has been discovered and exploited by criminals. They said it has mostly been left to independent security researchers to identify what is happening and to spread the word.

The researchers said that, in looking for solutions, it would not be practical to turn to what is a slow and complex negotiation process between merchants, banks and vendors. "It is time for bank regulators to take an interest," they said. "It's welcome that the US Federal Reserve is now paying attention, and time for European regulators to follow suit."

More information:
www.lightbluetouchpaper.org/20… the-pre-play-attack/
www.cl.cam.ac.uk/~rja14/Papers/unattack.pdf

User comments : 4

Eikka
2.8 / 5 (4) Sep 13, 2012
The biggest security flaw of the system is still the traditional social hole.

"I'm sorry, I forgot my PIN, can I sign the receipt?"

And there you have it. All chip & pin machines allow you to bypass all security at the discretion of the shopkeeper, and it also allows you to hack a card to believe that it was authenticated by signature to authorize the transaction without entering the correct PIN. Before that hole is closed, some hypothetical random number attack is pretty much a non-issue.
Expiorer
1 / 5 (3) Sep 13, 2012
simple solution = write different salt values on each card
Argiod
1 / 5 (5) Sep 13, 2012
If I didn't know better (and I don't) I'd say the banks do anything to be able to 'legally' take as much of our money as possible.

I used to keep my money in the bank to avoid being robbed.
Now I keep my money on me; so if robbed I can at least defend myself with a chance I'll prevail.
alfie_null
not rated yet Sep 14, 2012
So long as they can absorb the cost of fraud, banks won't be motivated to fix the problems.
Unfortunately, this intransigence allows fostering the growth of a criminal industry that will be that much more expensive to eradicate in the future.