Chip and PIN is broken, say researchers

Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.

Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards.

As a consequence, a device inserted between a card and a point-of-sale terminal can intercept and modify the messages passing between them, and fool the terminal into believing that a PIN verification has succeeded when the card was never asked to check one.

"Chip and PIN is fundamentally broken," Professor Ross Anderson of Cambridge University told ZDNet UK. "Banks and merchants rely on the words 'Verified by PIN' on receipts, but they don't mean anything."

The researchers conducted an attack that succeeded in tricking a card reader into authenticating a transaction, even though no valid PIN was entered. In a later test, they managed to authenticate transactions, without the correct PIN, with valid cards from six different card issuers. Those issuers were Barclaycard, Co-operative Bank, Halifax, Bank of Scotland, HSBC and John Lewis.

The central problem with the EMV protocol is that it lets the terminal and the card each record a different account of how the cardholder was verified, and the bank accepts the transaction without reconciling the two.

In particular, the terminal records that a PIN verification took place and succeeded, while the card, which never received the PIN check, records that no PIN was verified, just as it would for a signature transaction. Neither the terminal nor the bank compares the two records, so the terminal's authorisation request is accepted and the transaction goes ahead.

This means that although a PIN must still be entered at the terminal, any PIN whatsoever is accepted, because the device answers the terminal's PIN check on the card's behalf, the researchers said in a paper entitled Chip and PIN is Broken.

The researchers said the engineering and programming skills necessary to make a man-in-the-middle device to conduct the attack are elementary.

"The attack doesn't require too much technical skill [to emulate]," said Steven Murdoch, who took part in the Cambridge University research, alongside Anderson and Saar Drimer.

Behind the attack
The attack targets the way the various security mechanisms interact in the cardholder verification process. In this process, the chip in the card and the terminal negotiate how the cardholder will be verified. The cards examined by the researchers all supported three methods, in descending order of preference: PIN verification, signature verification, and no verification.

The majority of transactions require PIN verification. The customer enters their number on a PIN entry device. The PIN is then sent to the card, which compares it to a PIN...
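The exchange described above, as an added example that is not part of the original article or of the Cambridge paper: a Python model of the terminal, a wedge device sitting between it and the card, the card itself, and the issuer. The VERIFY and GENERATE AC command headers follow EMV Book 3; everything else (the response layout, the CVR flag values, the HMAC stand-in for the ARQC, the key and the PIN) is a constructed assumption for the model. The final issuer-side check, which reconciles the terminal's claim of "PIN verified" with the card's own record of what it checked, is the kind of consistency check the flaw calls for; the page does not establish which issuers perform it.

```python
"""Model of the EMV 'wedge' attack on offline PIN verification. Constructed example:
card, terminal and issuer are simplified models. VERIFY / GENERATE AC headers follow
EMV Book 3; response layout, CVR bits and the HMAC cryptogram are assumptions."""
import hashlib
import hmac

CARD_ISSUER_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed shared key
CARD_PIN = "1234"                                                    # constructed PIN
SW_OK = b"\x90\x00"
CVR_OFFLINE_PIN_PERFORMED = 0x04   # assumed flag in the card's own verification record
CVR_OFFLINE_PIN_FAILED = 0x02      # assumed flag


def build_verify(pin: str) -> bytes:
    """VERIFY, plaintext PIN block: CLA 00 INS 20 P1 00 P2 80, data = 2N || PIN digits || F padding."""
    block = bytes.fromhex(f"2{len(pin)}" + pin.ljust(14, "F"))
    return b"\x00\x20\x00\x80" + bytes([len(block)]) + block

def build_generate_ac(amount: int, unpredictable_number: bytes) -> bytes:
    """GENERATE AC requesting an ARQC: CLA 80 INS AE P1 80 P2 00; data is a condensed CDOL1."""
    data = amount.to_bytes(6, "big") + unpredictable_number
    return b"\x80\xae\x80\x00" + bytes([len(data)]) + data

def cryptogram(atc: int, cdol_data: bytes, iad: bytes) -> bytes:
    """Stand-in for the ARQC: MAC over transaction data and the card's IAD, which carries the CVR."""
    msg = atc.to_bytes(2, "big") + cdol_data + iad
    return hmac.new(CARD_ISSUER_KEY, msg, hashlib.sha256).digest()[:8]


class Card:
    """Chip that records in its CVR whether it actually checked a PIN."""
    def __init__(self) -> None:
        self.cvr = 0
        self.atc = 1

    def transmit(self, apdu: bytes) -> tuple[bytes, bytes]:
        if apdu[:2] == b"\x00\x20":                       # VERIFY
            block = apdu[5:13]
            pin = block.hex()[2:2 + (block[0] & 0x0F)]
            self.cvr |= CVR_OFFLINE_PIN_PERFORMED
            if pin == CARD_PIN:
                return b"", SW_OK
            self.cvr |= CVR_OFFLINE_PIN_FAILED
            return b"", b"\x63\xc2"                        # 63Cx: wrong PIN, x tries left
        if apdu[:2] == b"\x80\xae":                       # GENERATE AC
            cdol_data = apdu[5:]
            iad = bytes([self.cvr])
            return self.atc.to_bytes(2, "big") + iad + cryptogram(self.atc, cdol_data, iad), SW_OK
        return b"", b"\x6d\x00"                            # INS not supported


class Wedge:
    """Man-in-the-middle device: answers VERIFY itself with 9000, forwards everything else."""
    def __init__(self, card: Card) -> None:
        self.card = card

    def transmit(self, apdu: bytes) -> tuple[bytes, bytes]:
        if apdu[:2] == b"\x00\x20":
            return b"", SW_OK          # the card never sees the PIN, so any PIN "succeeds"
        return self.card.transmit(apdu)


def terminal_transaction(channel, entered_pin: str, amount: int = 2500,
                         unpredictable_number: bytes = b"\xde\xad\xbe\xef"):
    """Terminal: offline plaintext PIN CVM, then GENERATE AC; returns the authorisation request."""
    _, sw = channel.transmit(build_verify(entered_pin))
    if sw != SW_OK:
        return None                    # PIN rejected: terminal does not proceed
    resp, _ = channel.transmit(build_generate_ac(amount, unpredictable_number))
    return {
        "cvm_results_pin_verified": True,   # what the terminal believes and prints as 'Verified by PIN'
        "atc": int.from_bytes(resp[:2], "big"),
        "iad": resp[2:3],
        "arqc": resp[3:11],
        "cdol_data": amount.to_bytes(6, "big") + unpredictable_number,
    }

def issuer_authorise(req: dict, check_cvm_consistency: bool) -> str:
    """Issuer: verify the cryptogram; optionally reconcile terminal CVM Results with the card's CVR."""
    if not hmac.compare_digest(cryptogram(req["atc"], req["cdol_data"], req["iad"]), req["arqc"]):
        return "declined: bad cryptogram"
    cvr = req["iad"][0]
    card_pin_ok = bool(cvr & CVR_OFFLINE_PIN_PERFORMED) and not (cvr & CVR_OFFLINE_PIN_FAILED)
    if check_cvm_consistency and req["cvm_results_pin_verified"] and not card_pin_ok:
        return "declined: terminal reports PIN verified but card reports no PIN check"
    return "approved"

def run(channel_factory, entered_pin: str, check_cvm_consistency: bool) -> str:
    """End-to-end: card behind the given channel (the card itself, or a Wedge), terminal, issuer."""
    card = Card()
    req = terminal_transaction(channel_factory(card), entered_pin)
    if req is None:
        return "declined: PIN rejected"
    return issuer_authorise(req, check_cvm_consistency)


if __name__ == "__main__":
    for label, chan, check in (("direct", lambda c: c, False), ("wedge", Wedge, False), ("wedge+check", Wedge, True)):
        print(f"{label}, wrong PIN 0000 ->", run(chan, "0000", check))
```

With the card connected directly, a wrong PIN is rejected at the terminal. Through the wedge the terminal gets 9000 for any PIN, the card's cryptogram is genuine (the wedge forwarded GENERATE AC untouched), and a naive issuer approves; the cryptogram is valid precisely because the card honestly reports that it checked no PIN. Only an issuer that compares the terminal's CVM Results with the CVR bound inside that cryptogram declines.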

Talkback

Surely, they could have managed something like:

Fortunately, the hardware rig and access is pretty difficult to set up for the average card thief, even when you've figured out how to do this. For this reason, this flaw hasn't yet caused a major problem.

But the Cambridge researchers do appear to have stumbled across a blatant and embarrassing flaw in the protocol, which has the potential to cause real damage. Therefore, it would be a good idea if we took some reasonably urgent action to correct it. We'll get onto it straight away.

But no, that isn't the sort of honesty level that our industry finds acceptable...

davidkarlin, 11 February 2010 18:24

Indeed, very well put. Besides, it's only a matter of time before someone reduces the means to a fake card, and then they can move on to cracking the wireless cards.

Oh, and I like the way the end user gets left to pick up the financial pieces after the proverbial hits the fan.

CA, 11 February 2010 23:10

This is an excellent article. Many thanks.

Shibley R, 11 February 2010 23:30

Good company response, if the whole world believes everything they hear! What about the thousands of people who lost money only to be told that they MUST HAVE "leaked" their PIN? There are loads of people who reckon they never let anyone get their PIN, but bogus transactions are still blamed on them with lines like: "You may even have let someone see the buttons being pressed at the ATM or Tesco's till."

If PIN authentication is done locally rather than by a secure database transaction, then there is absolutely no way whatsoever that anyone can say this scam hasn't been perpetrated.

So if you lose your card or if it gets cloned in a swipe pass, it turns out it's no safer than any of the old type. How do you feel now?

Fat Pop Do Wop, 12 February 2010 10:22

Calling EMV broken is laughable. First, EMV supplies a variety of options that are scalable in complexity and security. For example, SDA: EMV covers the possibility of static authentication. Is it safe? Not really. Replay attacks are super easy.

About the attack these guys use. DDA, that means dynamic authentication, where unlike SDA the cryptogram is not static, meaning that replay attacks are not possible. HOWEVER, it does not prevent WEDGE attacks or man in the middle, whatever you want to call it. This DDA weakness, like the SDA weakness, is documented; I am reading it right now at one famous card issuer company (TOP 3), which doesn't even allow cards to be issued with DDA or SDA, and this document is 4 years old.

There is a third option, CDA, which avoids both MITM and replay attacks. It is very similar to DDA, but adds one level of security: it puts all the sensitive data INSIDE the cryptogram, including the PIN OK verification. This guarantees that the PIN OK comes from the card, as the card is the only one that can generate the cryptogram (private key), making this kind of attack impossible without cracking the private keys.

Concluding, it's the issuer's responsibility to implement the best options for the level of security they need.
The weakness here is TOTALLY the issuer's fault.

PS. This is not a genius attack, it's a well-known fact about EMV, it's not a dirty secret. Making news of this is just... weird.

Mankin, 12 February 2010 14:40

It amazes me that everyone argues over the (usually technical) detail without ever mentioning the much bigger flaw in the Chip and PIN system. Four digits, or any number of digits for that matter, are simply not a reliable mandate. They are not inextricably linked to the individual. Any person or any device that comes up with the numbers, or their abstracted equivalent, can authorise the transaction. How can that possibly be a reliable mandate?

Try proving you didn't look after your PIN to a bank which has lobbied to get legislation on its side and is determined to cut its losses through fraudulent use. Then you see the whole point of the system: it is your loss now, not the bank's.

Even more staggering is that they say it was an authorised transaction based on their secretive assessment, so, therefore, you didn't look after your PIN. Try proving otherwise.

Mr Simple, 15 February 2010 11:27
