PIN check in EMV protocol for EC and credit cards bypassed
Researchers at the University of Cambridge have described ("Chip and PIN is Broken") a method for fooling the EMV protocol used in 'Chip and PIN' banking cards into apparently accepting any PIN. Following the EC card debacle at the turn of the year, this means more problems for the banking industry – indeed there are grounds for concern about the security of the system as a whole. The new discovery could explain the many fraud cases in which stolen cards have been used to make payments in shops despite the EMV terminal requiring PIN entry. Many victims have sworn that their PIN is not known by anyone else. There are even reports of cases in which the PIN notification was sitting unopened in a drawer where the victims themselves did not even know the PIN.
The EMV protocol (the name is derived from Eurocard, Mastercard and Visa) is intended to protect cards from illegal copying using methods such as skimming, with the chip replacing the magnetic strips previously used, although many of the cards still carry the magnetic strip as a back-up. The EMV protocol uses cryptographic methods to enable card terminals to verify a card transaction. There appear, however, to be weak points in both the specification and implementation with regard to the authentication of certain messages exchanged between the card and terminal.
According to the report, by means of a man-in-the-middle attack, it is possible to fool the terminal into thinking that the card has accepted the PIN entered and the card into thinking that the terminal has switched back to signature verification. The payment is then authorised as normal and the terminal prints out a receipt with the words "Verified with PIN".
The man-in-the-middle attack described by Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond is undemanding in its requirements. Using a card adaptor, communications between an original card and the terminal can be diverted to a PC with a special interface. The PC forwards all messages between the terminal and card unchanged. It is only when the terminal sends a 'Verify PIN' command to the card that the PC intercepts the command and responds with the code 0x9000, indicating to the terminal that the PIN is valid – the code 0x9000 is fixed. This means that it does not matter what PIN the attacker enters into the terminal as it never reaches the card.
The attack works both where verification is carried out online and where it is carried out offline. On its website the BBC has published a film demonstrating an actual attack in the University canteen. Once a card is blocked, the attack no longer works. The attack cannot be used to withdraw cash from ATMs, however, because in this case it is the bank's server, rather than the card, which checks the PIN.
In the opinion of the researchers, the entire EMV protocol stack is "broken" and needs to be rewritten. Ross Anderson has told The H's associates at heise Security that multiple vulnerabilities have already been found in the EMV protocol and that the EMV protocol – like Windows – is too complex and confused. In the opinion of Steven Murdoch, one of the authors of the paper, the procedure used in Germany is the same as that used in the UK. There has been no statement on the issue from the Zentrale Kreditausschuss, Germany's banking industry association. Anderson is, however, confident of the response to be expected from Germany's banking sector – "The specification prevents it." This is, says Anderson, not the point – the implementation is broken.
Whenever Anderson and his colleagues have looked closely, he says they have found a new problem in the EMV standard. He is certain that further vulnerabilities will be found – including at least one which explains fraudulent withdrawals from ATMs. Such a statement from an internationally renowned expert will make it harder in future for banks to persuade courts that misuse of EC cards is entirely due to carelessness on the part of customers.
- EC card disaster: French manufacturer Gemalto takes responsibility, a report from The H.
- EC card problem persists, a report from The H.
- Problems obtaining cash from German ATMs, a report from The H.
- The year 2010 is causing IT problems, a report from The H.