German EC cards: PINs can be stolen at card terminals
The Hypercom Artema Hybrid, probably the most widely used card terminal in Germany, contains critical security holes that can be exploited to harvest card data and PINs. Unlike previous attacks on payment terminals, this one requires no hardware tampering: it can be carried out, for example, over TCP/IP via the device's network interface. The attack uses a buffer overflow, discovered by Thomas Roth of Berlin-based Security Research Labs (SRLabs), to take control of the device – or at least of its ARM-based application processor. The Hardware Security Module (HSM) that cryptographically protects payment transactions remains untouched.
During an attack, criminals could make a customer believe that a payment transaction is taking place while they read the magnetic stripe data and log the PIN the customer enters. As demonstrated in a video and on "Monitor", a programme screened on German TV channel ARD, customers have virtually no chance of noticing the fraud. Criminals can then use the harvested data and PINs to produce fake EC cards and withdraw money from cash points abroad. At worst, attackers could, for example, intrude into the network of a hotel or supermarket and then work their way to other branches of the chain to compromise hundreds of terminals at the same time.
The SRLabs researchers informed manufacturer Verifone of the problem, and demonstrated the attack, back in March. However, SRLabs CEO Karsten Nohl told The H's associates at heise Security that communicating with Verifone was so "difficult" that the researchers eventually decided to make the problem public in order to get the holes fixed as quickly as possible.
When heise Security asked about the potential threat, manufacturer Verifone repeatedly stated that it has been unable to reproduce a hole that can be exploited to harvest PINs "during a payment transaction". While this statement is correct – transactions carried out via the HSM are not being attacked – it ignores the fact that customers are unable to tell the bogus payment transactions from legitimate ones.
Deutsche Kreditwirtschaft, the German banking industry association that handles such issues, emphasises that duplicate cards with copied magnetic stripes don't work at German cash points because they lack the "machine-readable modulated" feature. What it doesn't mention, however, is that criminal gangs already routinely use skimmed data to withdraw cash abroad. Instead, it states that "in reality, there is only a theoretic attack potential" which "only works in lab conditions". The question of how such misuse could be prevented in a real scenario remains unanswered.
While the manufacturer and Deutsche Kreditwirtschaft have promised to fix the flaw with a software update "as soon as possible", Karsten Nohl's research team has discovered a further problem that can't be fixed in this way: the processor's JTAG debug interface is so exposed that attackers could contact it from outside without breaking the housing or the seal. The manufacturer is aware of the JTAG problem; however, the answers it promised to questions raised about this issue almost a week ago have yet to arrive.