Chip-And-PIN Hack Is So Scary Because It Surprised No One
Written by Evan SchumanA February 2010 Cambridge University report that points out critical security flaws in chip-and-PIN (EMV) protocols—a security method that’s ever-present in the U.K., being massively deployed in Canada and being pushed for use in the U.S.—is most surprising in how remarkably unsurprising it is.
As reactions to the report’s man-in-the-middle attack methodology piled on, it was eerie how perfunctory the denials were, even among the most aggressive EMV advocates. My personal favorite is a statement that banking giant HSBC Group issued in the U.K. to the BBC: “Although they have raised a clear security concern with regards to chip-and-PIN, which we are taking very seriously, the problem highlighted is relevant to all card issuers and not just HSBC.” The bank didn’t even bother denying that the university’s hack worked.
For years, security aficionados have pushed chip-and-PIN while conceding that it’s not really secure but probably still better than what’s being done in the U.S. (formally called the “Hope And Pray They Don’t Take My Lunch Money Today” protocol). But the subtext implying that it’s not really all that secure is almost always present.
(For more on this topic, check out Walter Conway’s latest StorefrontBacktalk column, “Chip-And-PIN Is Not A Free Pass On PCI.”)
We’ll get into the details of the Cambridge report in a moment. In the meantime, it’s important to point out that the biggest criticism of this report is that the equipment needed to hack chip-and-PIN is too bulky for the attacks to actually happen without cashiers noticing. That argument was effectively obliterated with a wonderful piece of video journalism done by the BBC. It filmed one of the Cambridge researchers actually using this attack—successfully—at a wide range of retail locations leveraging borrowed cards of BBC staffers. Seeing the attack in action makes two things clear: It’s not theoretical, and it’s even practical. The movements of the pretend cyberthief were natural and not at all suspicious.
Retail IT execs specializing in security were especially concerned about the relative ease of the university hack execution. Braden Black, a senior enterprise architect (and security specialist) for 305-store shoe chain DSW, said that, in his opinion, the biggest problem with chip-and-PIN—as it’s currently deployed—is that banks have little incentive to make these systems secure because they no longer have any liability if they’re repeatedly breached. That liability has been pushed to the retailers.
“The ramifications of this attack are most disturbing when viewed in light of the fraud liability regulations that were adopted alongside the technology. Essentially, the banks offloaded fraud liability to merchants and cardholders. In this case, specifically, the attack vector exploited a flaw in the EMV PIN verification protocol causing a transaction to appear to the bank to be PIN-verified while the chip believes that signature-based verification is taking place. One no longer needs any knowledge of the PIN to authorize a transaction,” Black said. “This places the onus of liability upon the cardholder, who is assumed to be liable for the fraudulent transaction unless they can demonstrate that they were not present for the transaction and did not disclose their PIN code.”
-Marc
February 18th, 2010 at 10:11 am
This hack demonstrates a much larger vulnerability that goes way beyond payment authorization. As software design has moved to “object oriented” designs that encapsulate data and processes along with the whole concept of “stateless objects” the “man in the middle” or wedge attack becomes much easier. This could really happen in any situation. Just as we are hearing more about cyber attacks from overseas, we are using software design techniques that make our systems more vulnerable. Better get a kerosene lamp.
February 18th, 2010 at 12:08 pm
I worked on EMV project in Canada. EMV is better than plain MSR card. No doubt. This is not marketing “gimmick”.
The Cambridge/BBC video shows a guy using a Netbook PC and an EMV “test card” hooked on a stolen EMV card. Sure, you may hide all the cables
February 18th, 2010 at 12:15 pm
Sure, you may hide all the cables but the setup will be obvious if you are wearing a T-Shirt. ;)
EMV has to fix this. I don’t know if the same issue has been raised in Canada.
February 18th, 2010 at 10:40 pm
Mr. Bittner,
How do you equate the failure of a developed-in-secret, 14-year-old cryptographic protocol with the adoption of object oriented programming, the recognition of design patterns, or the maturity of software engineering as a discipline? You are comparing oranges to a philosopher’s left elbow — the argument doesn’t even parse.
There were no software failures here, no code crashes being exploited nor buffer overrun attacks smashing stacks. This was a failure in the design and creation of a *protocol* that fell prey to being spoofed. No objects failed, because no objects were transmitted. This is 100% protocol design failure; and it can be blamed on the secretive nature of the original design process and the immature cryptographic skills of the original protocol designers. (Here’s a hint for all you budding cryptographers: the best cryptographers know they aren’t good enough by themselves. They always seek outside validation of their designs. Always.)
The chips inside the smart cards don’t even have the memory or the horsepower to support object oriented programming techniques. There aren’t dynamic memory allocations. These are tiny 8-bit chips with about 1K of RAM, and the applications hand coded in assembler (or possibly C.)
I’m sorry if you are uncomfortable with modern design techniques, object oriented languages, test-driven development, design patterns, or if you think programming should still be functional now because it was functional back when you first learned it. If you are interested in that kind of bare-metal programming, might I suggest embedded systems design? It’s all about writing code for these tiny standalone processors, where every byte still matters and every cycle still counts. You even get style points for writing in assembler. :-)
February 22nd, 2010 at 11:12 pm
Long ago I used to write code for smart card terminals, including those that accepted EMV cards. Even with the imperfections, the chip-based systems are much more secure than mag-stripe. The fact that this particular hole went undiscovered for at least six years is actually pretty impressive. Although I don’t know the specifics, I’m willing to bet this particular issue can be resolved in the terminal code without having to reissue all the cards.
This is a great example of the importance of ethical hacking. Hats off to the Cambridge team.
February 23rd, 2010 at 12:50 pm
Was it undiscovered? And are we sure there are variations already in the wild? There have been many customer complaints of fraudulent activity with EMV and most were simply swept under the carpet and attributed to a failure of the cardholder without much investigation. Recently the EU shifted some of the burden of proof back to the banks and this was done prior to this Cambridge report. If the system is so secure, why the shift?
February 23rd, 2010 at 12:59 pm
This hack has been available for over 8 years now. I doubt this should be a surprise to anyone.