Forget card skimmers, chip-card shimmers will be your next nightmare

America's belated move to EMV (Europay, MasterCard and Visa) chip-equipped cards won't be the panacea some had hoped. As it turns out, the cards are just as easy to clone as their magnetic stripe predecessors. At the Black Hat 2016 security conference in Las Vegas this week, engineers from Rapid7 demonstrated how a few small …

  1. a_yank_lurker

    Perfect Defence = Impossible

    The real goal of switching to the chipped cards was never to eliminate fraud but to significantly reduce it. While many have not given much thought to chip card vulnerabilities, they do exist. This will be true of any payment system, including cash.

    1. JeffyPoooh

      Re: Perfect Defence = Impossible

      The disappointment comes to those that actually expected a system to be highly secure for many years. Perhaps "10^77 years", or six weeks, whichever comes first.

      Anyone working in the I.T. "Security" field that doesn't very closely follow these sorts of 'hacker' conferences is a menace to society. Such conferences are typically bursting with crystal clear counterexamples to the accepted wisdom, knowledge which is essential for correct decision making. Ignore these sorts of conferences, and one's head will be filled with fluff.

    2. Anonymous Coward

      Re: Perfect Defence = Impossible

      The intent of EMV was to fix the problem of stolen credit card numbers, which used to be a very small problem but grew along with the ease of electronic exploits and online ordering. There are other types of fraud that EMV can't address, but it pretty much eliminates the potential loss from stuff like getting at someone's database of credit card numbers or sniffing their wifi and catching them in transit from their POS terminals.

    3. jimdandy

      Re: Perfect Defence = Impossible

      Cash. Really? Has anyone researched the issue of counterfeit cash causing major losses to its users? Given the improvement in printer quality and theft of US cloth-based money, I understand that this issue is not dead. However, if the mainstream news outlets and online newsies such as The Register are concerned, it's all about the data scraping from credit/debit cards.

      Explain how my cash purchases put me at the same risk as credit card use.

      1. Anonymous Coward

        Re: Perfect Defence = Impossible

        The Royal Mint says:

        "A survey undertaken in May 2015 found that the rate of counterfeit UK £1 coins in circulation at the time was 2.55%, compared to 3.03% in May 2014."

        Apparently that is in the order of 50 million forged £1 coins actually in circulation - very approximately 1 in 30.

        http://www.bbc.co.uk/news/business-10774366

        1. Pat Att

          Re: Perfect Defence = Impossible

          Just think of those forged £1 coins as a form of crowdsourced quantitative easing, and the problem disappears.

        2. PNGuinn

          Re: Royal Mint says ...

          It would help if they wouldn't keep issuing fancy new designs for their bloody coins.

          There's so many variations in circulation that I defy anyone who's not a coinspotter (think trainspotter with a clean dry anorak and large holes worn in the pocketses ?) to recognise them all.

          No need to forge a coin in Blighty - just create a new design.

          Not guilty of forgery m'lud - it's all my own work, copyrighted an' all, and I'll sue the B*****ks of anyone who tries to forge it.

      2. phuzz Silver badge

        Re: Perfect Defence = Impossible

        "Explain how my cash purchases put me at the same risk as credit card use."

        I'm not sure that it's the same risk, but if you use a currency that is widely counterfeited, you might buy something from a shop, and be given fake money in your change which you would not be able to spend elsewhere, thus losing money.

        Of course, what's more likely to happen is the shop doesn't notice the fake pound coin when they give it to you, nor do you notice that it's fake, and neither does the shop where you spend it. Your only loss would be a tiny amount of inflation, but not one you'd notice.

    4. Trigonoceps occipitalis

      Re: Perfect Defence = Impossible

      @ a_yank_lurker

      Being more cynical than you I take the view that the point of chip and PIN was to shift the cost of fraud onto the shop.

  2. Anonymous Coward

    Poor implementation

    "Once retrieved, he was able to use the information to set up fraudulent accounts and potentially start siphoning money."

    What? There's nothing available from the chip that should allow someone to set up new accounts (not if the bank's customer verification processes are worth anything). And how would that account then be associated with the original one that the card is linked to? This needs more explanation because this isn't what happened in South America.

    The attacks in South America were the same as the previous skimmer attacks. i.e. copy the track2 data and use it in conjunction with the CVV (Card Verification Value) elsewhere for fraudulent transactions either online or, if you captured the PIN, at an ATM in a country that hasn't implemented EMV chip cards.

    In the scenario above, chips are more secure because the CVV for the chip version of track2 data is different from the equivalent mag stripe data. This means that you can't use the data from the chip because the CVV is wrong (not the same as the one visibly printed on your card). If you try to use a cloned card with the PIN on an ATM, this should also be blocked because the CVV is not the same as the mag stripe, so the chip is required. Because the shimmer can't collect enough data to be able to clone the chip, this vector isn't viable.

    For online (card not present) transactions you don't have the right CVV so again, this vector should be closed.

    Fraud from shimming is possible if the merchant and issuer allow transactions through with the wrong CVV. That's not a fundamental weakness of chip and pin, that's just poor implementation.

    1. dajames

      Re: Poor implementation

      What? There's nothing available from the chip that should allow someone to set up new accounts...

      Agreed ... but (despite what the article says) I don't think that's what's happening.

      The full details haven't been released, but it appears that the attack involves recording the details of a legitimate transaction and later replaying that transaction (and hundreds of others from other cards) on another ATM.

      This is possible because there is no attempt in current chip-and-PIN systems to authenticate the card to the terminal (or the terminal to the card, for that matter). Such checks could be implemented using a challenge-and-response technique*, but such a technique would require every terminal to have access to a key stored on the card, and the secure management and storage of these keys would be a heavy administrative burden.

      [* The terminal would generate a random number and ask the card to encrypt or sign this number with an on-card key. The card would reply with the encrypted/signed data, and the terminal would verify the result using its copy of the key.

      Such a transaction could not simply be replayed as the random challenge would be different every time, so the attack described here would be defeated.

      The key would be stored on the card in a "file" that can be used as a key but cannot be read or copied. EMV cards already have the capabilities needed to perform these calculations (though they may not be issued with suitable keys installed).

      The terminal would have to have a copy of the key used on each card (which could be a cryptogram of the card number, so only one key-deriving key would be needed for each card issuing body), but the terminal would need to have its own securely stored copy of the key used by every card issuer or would have to be online to the card issuing bodies in order to obtain a card's key in real time. If a card issuer's key-deriving key were ever to be compromised then it would be possible to spoof any card protected by that key, so making key storage in an ATM sufficiently secure would be extremely difficult.]
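      The challenge-and-response scheme sketched above, as an added example that is not from the original thread and not EMV's actual protocol: a per-card key derived from an issuer key-deriving key and the card number (HMAC-SHA256 is the assumed derivation; the comment only says "a cryptogram of the card number"), the card answering a fresh random challenge with a keyed hash, and a shim's recorded response failing when replayed against a new challenge. The issuer key and PAN are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample issuer key-deriving key; a real one would live in an HSM.
ISSUER_KDK = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_card_key(issuer_kdk: bytes, pan: str) -> bytes:
    """Per-card key as a keyed hash of the PAN under the issuer's KDK
    (assumed construction standing in for the comment's 'cryptogram')."""
    return hmac.new(issuer_kdk, pan.encode(), hashlib.sha256).digest()


class Card:
    """Stands in for the chip: the key sits in a non-readable 'file' and the
    card only ever answers challenges; it never exports the key itself."""

    def __init__(self, pan: str, card_key: bytes):
        self.pan = pan
        self._key = card_key

    def answer(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Terminal:
    """Holds the issuer KDK (or, in practice, asks the issuer online)."""

    def __init__(self, issuer_kdk: bytes):
        self._kdk = issuer_kdk

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh nonce per transaction

    def verify(self, pan: str, challenge: bytes, response: bytes) -> bool:
        key = derive_card_key(self._kdk, pan)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def legitimate_transaction(terminal: Terminal, card: Card):
    """Genuine card present: returns (challenge, response, accepted)."""
    ch = terminal.new_challenge()
    resp = card.answer(ch)
    return ch, resp, terminal.verify(card.pan, ch, resp)


def replay_attempt(terminal: Terminal, pan: str, recorded_response: bytes) -> bool:
    """A shim replays a response captured earlier; the terminal issues a new
    challenge, so the old response no longer verifies."""
    return terminal.verify(pan, terminal.new_challenge(), recorded_response)
```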

      1. Anonymous Coward

        Re: Poor implementation

        @dajames - that requires EMV to work in an offline mode, which isn't typically allowed in an unattended ATM environment. In contrast, ATM transactions always have to be authorised by the card issuer.

        If you have an ATM in a conference centre, you can make it appear to do anything but if you want a real host to authorise a transaction you have to get around other security measures that prevent transaction replay attacks. Simplest of which is a MAC that's generated against the card data and PIN block. This is one of the oldest security measures in place for ATMs to prevent MIM attacks on the network.

        You can't simply insert the card data you recorded earlier into a new transaction with a valid MAC unless you also have malware on the ATM. If you've achieved that, then you have no need for a shimmer because you own the ATM anyway.

        1. dajames

          Re: Poor implementation

          @(no handle yet)

          if you want a real host to authorise a transaction you have to get around other security measures that prevent transaction replay attacks. Simplest of which is a MAC that's generated against the card data and PIN block. This is one of the oldest security measures in place for ATMs to prevent MIM attacks on the network.

          Sure, but this new attack isn't an MITM attack on the network, it's an MITM attack on the communications between the card and the terminal. That channel is not currently protected (it wasn't last time I did any work on this stuff, and it still isn't if I understand the article correctly) so replays on that channel are possible. That's why this new attack works.

          Note, also, that with Chip-and-PIN the PIN is verified on the card. This means that there is no need to transmit the PIN to the bank for checking. The benefit of this is supposed to be that the PoS terminal (or ATM) does not need to be online for secure PIN verification to take place. I understand that many ATMs, especially in the US, are still magstripe-based, though, and don't use the chip at all, so in those cases a PIN block will have to be sent for verification, and that message is protected against replays.

    2. Trigonoceps occipitalis

      Re: Poor implementation

      Everywhere I went in South America the shop keepers/hotel reception would try to record the CVV. When challenged they needed the CVV "to complete the transaction"?

      I have also been asked for the CVV in the UK when standing in front of a vendor and holding the card in my hand. Their normal reaction is to take offence that I think they may commit a fraud on my card. I don't, just following sensible card usage.

  3. wisewellies

    Liability?

    The true aim of chip cards was to move the liability for fraudulent transactions away from the banks, and place it squarely into the hands of the user. Chip (+PIN in most sensible places) was deemed to be so secure, that the only way a fraudulent transaction could take place is if you had physical access to the card and the PIN. Since introduction, there have been several methods demonstrated that allow fraudulent transactions - yet the banks refuse to publicly acknowledge that they are anything other than the customer's fault.

    1. SImon Hobson Bronze badge

      Re: Liability?

      The true aim of chip cards was to move the liability for fraudulent transactions away from the banks ...

      This.

      And what's more, I see that the security has been shown to be "not 100%" since at least NINE years ago! There's some very good depressing reading over in the Light Blue Touchpaper blog.

  4. Kirstian K

    Alternatively

    I'm surprised it's not more of a problem for random pocket scanning.

    If you think about it, if I had 'Box X' with my scanner in, and just walked down the street and brushed past a person on the street (like the old pickpocket days, but no entry into pockets is needed) and just tried to scan a chip for a payment. I know it's < £30 per transaction, but walk down a street, get enough pockets and that would quickly add up.

    There was an issue a while back (assume it's still a problem, dunno) where London Underground did this: the Oyster card was in people's pockets, they scanned, but it took people's VISAs as priority and they paid for their ticket with that, instead of their Oyster paying for the ticket, just because they were close enough to be in range. So it's just an extension of that if you think about it.

    So yeah, modern-day pickpocketing via a swipe. I'm surprised that's not a thing yet.

    1. cambsukguy

      Re: Alternatively

      Although that makes me wonder if the risk/benefit is worthwhile: you have to steal less than £30 and you have to make sure you are not on camera doing so, every time you do it.

      Since even my local McDs has five cameras pointing at just the queue, the risk seems high for the reward.

      Nicking something from a shop directly might get you caught sometimes and punished minimally, at least for the first time or two, whereas electronic theft might seem more like theft from a person and also on 'the system', possibly punished more heavily.

    2. theOtherJT Silver badge

      Re: Alternatively

      I presume the reason being that you'd have to set up an account that was capable of accepting swipe payments. I don't know how that's done, but I would hope that a certain quantity of personal information would be required (and have to be verified) before the bank would start accepting tap payments flowing into that account.

      Possibly you could try and attach it to a legitimate business account as an aside, but to make it worthwhile you'd have to scam so many people that surely the pattern of customers phoning their bank and saying "I didn't buy this. Why is this charge on my card?" would trace back to you before you made enough money to just close down the business and leave the country.

  5. Anonymous Coward

    Chip and pin has been fundamentally broken for a long time; it was never more secure. All it did was give the banks a way to try and offload the blame for fraud until the exploits were known in the wild.

    See from 2010: http://goo.gl/pv3PQm

    Although there was evidence that this exploit had been discovered long before that, during the time the banks all refused to process fraud refund requests for attacks carried out using this attack.

    As someone else said, this is likely a clever but simple replay attack. What I suspect has been discovered is that the random number the chip is asked to validate is time based and doesn't use seconds, or has a window to allow for variations in ATM RTCs. So from the point the real card makes the first transaction you have up to 30-60 seconds to potentially make the replay transaction. Although the window may be even longer, who knows what idiotic mistake they made.

    Why on earth didn't they also add some randomness to the number check which would have thwarted this sort of thing, as two subsequent checks would never be validating the same number.

    At the very least make the numbers one time use like every other two factor auth system I can think of.

    It's a Barnaby Jack moment all over again...

    Oh wait, but ATMs now mostly have anti skim devices, right...

    Not that that is foolproof either: http://goo.gl/NBa38I

  6. Anonymous Coward

    Has been known for years

    Urrup was where the hackers learned how to defeat the chip cards first. The U.S. has just started to change to chip cards - all in vain.
