[LINK] RFC: The Dangers of Contactless Payment Schemes

Jan Whitaker jwhit at melbpc.org.au
Thu Sep 13 16:38:35 AEST 2012


At 11:45 AM 12/09/2012, Roger Clarke wrote:
>Consumer and media interest in this topic is hotting up again.
>
>I've finally got around to flinging my comments into a resource document.
>
>As always, constructively negative feedback gratefully received:

How about fraudulent cards:


Chip and PIN cards can be cloned: researchers

Brian Krebs
Published: September 13, 2012 - 11:22AM

Researchers in the United Kingdom say they have 
mounting evidence that thieves have been quietly 
exploiting design flaws in a security system 
widely used in Europe and Australia to prevent 
credit and debit card fraud at cash machines and point-of-sale devices.

At issue is an anti-fraud system called EMV 
(short for Europay, MasterCard and Visa), also 
known as "chip-and-PIN". The cards include a 
secret algorithm embedded in the chip that 
encodes the card data, making it more difficult 
for fraudsters to use stolen cards at EMV-compliant terminals.

Chip-and-PIN is widely supported in Australia, 
where major card brands work with banks and ATM 
and payment terminal makers to support the technology.

EMV standards call for cards to be authenticated 
to a payment terminal or ATM by computing several 
bits of information, including the charge or 
withdrawal amount, the date, and a so-called 
"unpredictable number". But researchers from the 
computer laboratory at Cambridge University say 
they discovered some payment terminals and ATMs 
rely on little more than simple counters, or 
incremental numbers that are quite predictable.

"The current problem is that instead of having 
the random number generated by the bank, it's 
generated by the merchant terminal," said Ross 
Anderson, professor of security engineering at 
Cambridge, and an author of a paper being 
released this week titled "Chip and Skim: Cloning 
EMV cards with the Pre-Play Attack".

Anderson said the failure to specify that 
merchant terminals should insist on truly random 
numbers, instead of merely non-repeating numbers, 
is at the crux of the problem.

"This leads to two potential failures: If the 
merchant terminal doesn't generate a random 
number, you're stuffed," he said in an interview. 
"And the second is if there is some wicked 
interception device between the merchant terminal 
and the bank, such as malware on the merchant's 
server, then you're also stuffed."

The "pre-play" aspect of the attack mentioned in 
the title of their paper refers to the ability to 
predict the unpredictable number, which 
theoretically allows an attacker to record 
everything from the card transaction and to play 
it back and impersonate the card in additional 
transactions at a future date and location.

Anderson and a team of other researchers at 
Cambridge started their research more than nine 
months ago, when they first began hearing from 
European bank card users affected by fraud, even 
though they had not shared their PIN with anyone.

The victims' banks refused to reimburse the 
losses, arguing that the EMV technology made the 
claimed fraud impossible. But the researchers 
suspected that fraudsters had discovered a method 
of predicting the supposedly unpredictable number 
used by specific point-of-sale devices or ATM models.

For example, the team heard from a physics 
professor in Stockholm who went to Brussels and 
bought a meal at a nice restaurant for 255 euros, 
and immediately after midnight that evening had 
his card debited with two transactions of 750 
euros each at another payment terminal nearby.

Anderson said the team had "lots and lots of 
victims" coming to them (several others are 
mentioned in the group's blog post on the paper, 
<http://www.lightbluetouchpaper.org/2012/09/10/chip-and-skim-cloning-emv-cards-with-the-pre-play-attack/>), 
complaining of being ripped 
off and then denied help from their banks. The 
researchers say they notified the appropriate 
banking industry organisations of their findings 
in early 2012, but opted to publish their work 
because they believe it helps to explain a good 
portion of the unsolved phantom withdrawal cases 
reported to them for which they previously had no explanation.

"The point here is that when a bank turns down a 
customer because [a fraudulent transaction] looks 
like cloning and cloning isn't possible because 
the card has a tamper resistant chip, we show 
that this kind of logic doesn't stand up," Anderson said.

The research team said their work is informed by 
data collected from more than 1000 transactions 
at more than 20 ATMs and a number of 
point-of-sale terminals. They also purchased 
three EMV-enabled ATMs off of eBay, and began 
systematically harvesting unpredictable numbers 
from them in hopes of finding predictable random 
number generators. Their research on this front 
is ongoing, but so far the group says it has 
established non-uniformity of unpredictable 
numbers in half of the ATMs they looked at.

In response to inquiries from the BBC 
<http://www.bbc.com/news/technology-19559124>, 
a spokeswoman for the UK's Financial 
Fraud Action group downplayed the threat, telling 
the publication: "We've never claimed that chip 
and pin is 100 percent secure and the industry 
has successfully adopted a multi-layered approach 
to detecting any newly-identified types of fraud. 
What we know is that there is absolutely no 
evidence of this complicated fraud being 
undertaken in the real world. It requires 
considerable effort to set up and involves a 
series of co-ordinated activities, each of which 
carries a certain risk of detection and failure for the fraudster."

Anderson says the industry's response is typical.

"They're saying this is too complex a fraud for 
the average villain to conduct, but they always 
say that, and they said that about our PIN entry 
device compromise research in 2008 
<http://www.cl.cam.ac.uk/research/security/banking/ped/>, 
despite the fact that it was already 
happening in the field. The second thing they're 
saying is they have no evidence of real cases. 
And that's exactly what they said in 2010, when 
we released our no-PIN fraud research 
<http://www.cl.cam.ac.uk/research/security/banking/nopin/press-release.html>. 
But we later learned that the UK 
cards association did at the time know that there 
were no-PIN frauds going on in France to the tune 
of about a million euros. Then when we went back 
and said, 'Aha, we've got them for making false 
statements,' it turned out that they'd written 
their statement very carefully to say they had no 
evidence of this happening in Britain, not no 
evidence of this happening full-stop. So this is 
following an established pattern by bank PR 
people of carefully denying it in ways that don't stand up."

A copy of the research paper is available here (PDF): 
<http://www.cl.cam.ac.uk/%7Erja14/Papers/unattack.pdf>

KrebsOnSecurity <http://www.krebsonsecurity.com>

This story was found at: 
http://www.theage.com.au/it-pro/security-it/chip-and-pin-cards-can-be-cloned-researchers-20120913-25ts1.html 

Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the 
world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
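The Cambridge team's harvesting of "unpredictable numbers" from terminals and ATMs, described in the article above, is at bottom a randomness audit: if the 4-byte field a terminal feeds into the transaction cryptogram is really a counter or has stuck bits, it offers no freshness. As an added example, not part of the original post, the Krebs article or the researchers' own tooling, here is a small Python screen of the kind an issuer, acquirer or terminal vendor could run over UNs logged from a device under test. The two sample sets (a bare counter and a seeded PRNG), the 0.1 bit-bias tolerance and the 50% dominant-delta threshold are my own constructed assumptions, chosen for illustration rather than taken from the paper.

```python
"""Screen a sample of terminal 'unpredictable numbers' (UNs) for predictability.

Added example (not the Cambridge team's tool): an audit-style check over UNs
logged from a terminal or ATM. Sample data and thresholds are constructed.
"""
from collections import Counter
import random

UN_BITS = 32  # the EMV unpredictable number is a 4-byte field


def bit_frequencies(uns):
    """For each of the 32 bit positions, the fraction of samples with that bit set."""
    n = len(uns)
    return [sum((u >> b) & 1 for u in uns) / n for b in range(UN_BITS)]


def biased_bits(uns, tolerance=0.1):
    """Bit positions whose frequency of 1s is farther than `tolerance` from 0.5.

    A bit that is always 0 or always 1 (a stuck byte, or the high bits of a
    counter that never wraps) shows up here; with a couple of thousand samples
    a sound generator stays within a few hundredths of 0.5 on every bit.
    """
    return [b for b, f in enumerate(bit_frequencies(uns)) if abs(f - 0.5) > tolerance]


def dominant_delta(uns):
    """Most common difference between successive UNs (mod 2^32) and its share of all deltas.

    A counter yields the same delta (typically 1) at nearly every step; a
    random source almost never repeats a delta at all.
    """
    deltas = [(b - a) % (1 << UN_BITS) for a, b in zip(uns, uns[1:])]
    value, count = Counter(deltas).most_common(1)[0]
    return value, count / len(deltas)


def audit_uns(uns, bias_tolerance=0.1, delta_share_limit=0.5):
    """Summarise both checks; 'predictable' is True if either one fires."""
    if len(uns) < 100:
        raise ValueError("need at least 100 samples for the bias check to mean anything")
    bad_bits = biased_bits(uns, bias_tolerance)
    delta, share = dominant_delta(uns)
    counter_like = share > delta_share_limit
    return {
        "samples": len(uns),
        "biased_bits": bad_bits,
        "dominant_delta": delta,
        "dominant_delta_share": share,
        "counter_like": counter_like,
        "predictable": bool(bad_bits) or counter_like,
    }


# Constructed samples (assumptions for the demo, not data from the paper or article).
def counter_uns(start=0x0000_1F00, n=2000):
    """A terminal that merely increments a counter, as the article describes."""
    return [(start + i) % (1 << UN_BITS) for i in range(n)]


def random_uns(n=2000, seed=2012):
    """A terminal drawing fresh 32-bit values (seeded so the run is repeatable)."""
    rng = random.Random(seed)
    return [rng.getrandbits(UN_BITS) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("counter terminal", counter_uns()),
                         ("random terminal", random_uns())):
        report = audit_uns(sample)
        print(f"{name}: predictable={report['predictable']} "
              f"counter_like={report['counter_like']} "
              f"biased_bits={len(report['biased_bits'])}")
```

Two thousand samples is enough for the bit-bias check to separate a stuck or slowly-changing bit from sampling noise by a wide margin; the delta check catches the plain counter case even when the counter happens to start at a value whose low bits look balanced. Neither check is a full statistical test suite, but a terminal that fails either one is contributing no entropy to the cryptogram, which is exactly the condition the article's researchers went looking for.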
