Recently researchers at Cambridge examined the protocol between EMV banking chip cards and point of sale terminals and demonstrated an attack against the system where they make a payment without inputing the correct pin. This attack is trivial. I’m not talking about the research which is not only interesting but complex in nature. What I’m saying is, the system is fundamentally flawed and so trivial attacks are possible. I’m not exaggerating, a computer science undergrad could have come up with a better system. He wouldn’t even have to think too hard. He’d just need to copy it from a textbook.
The press always makes this things more spectacular than they actually are so to back up my claims we’re going to design a point of sale payment system and see what we can come up with. We’ll start with the chip in the card. This is small processor that’s designed to do cryptographic operations and hold secret information. This chips have been in use for a few years and are effective. Effective here means unless you’ve stollen Bill Gates’ card chances are you’ll steal less money than it would cost you to attack the card itself. Also, given people notice cards are missing odds are the card will be revoked before you get results from an attack on the chip. So, for this purpose, we’ll consider the chip effective. Unfortunately, as far as I know, most cards issued to this date are issue with ineffective chips and are similar to the old magnetic strip cards. We’ll ignore those and design for effective chips.
The chip knows 2 things, one is your pin to authenticate you and the other is a secret to authenticate itself with the bank. When the chip is reasonably convinced the person using the card is who he claims to be, through providing the correct pin, it will use its own secret to create a command the point of sale can send to the bank. The bank in turn will look at the command it received, verify it was generated by the correct chip after seeing the correct pin (through the secret the chip shares with the bank) and if it’s convinced the operation is legitimate execute the payment command.
So to get this thing going we only need an operation between the point of sale and the chip. The point of sale provides the inputed pin and the transaction to the chip. If the pin checks out the chip encodes the transaction so that the point of sale can send it to the bank. It the pin is wrong the chip returns an error to the point of sale and it gets displayed to the user. This system is far from the perfect, the user must trust the point of sale won’t steal his pin (which can be used with the stolen card). The user must also trust the point of sale will ask the chip to encode the correct transaction and not some other debit. But the bank can trust the chip saw the right pin and making a better system would involve a slower system and a more complex and expensive chip. This of course is not the end of the story, the system needs to be properly engineered to ensure it’s trustworthy. The devil is usually in details like making sure the transactions are not repeatable (so that a malicious point of sale can’t just reissue the same transaction over and over) or that a stolen card will lock itself up after a number of attempts.
Now that we designed a working system lets look at how the actual system works. The Cambridge researchers found the system has not one but two separate operations, validate pin and encode the command (actually, there’s a lot more around this but the essence of the system can be described this way). The points of sale don’t have a validate pin operation so this doesn’t seem to make much sense, the separation comes from the huge amount of complexity existing in the EMV system. So lets try to design a system as secure as our original one but with this extra constraint (such is the life of an engineer). We’d have to relink the two operations making the command encoding depend on the pin verification. This is done by having the chip give a random number, called a token, to the point of sale when it validates the pin. The point of sale in turn passes this token back to the chip along with the transaction it needs encoded. The chip confirms the token is valid and encodes the command for the transaction, guaranteeing the pin was correctly entered. This is heavier on the chip but is nearly as secure as our method (some design flaws on the chip might make this method weaker). Now lets look at how the EMV system actually works. On their system the validate pin operation doesn’t return a token. It just says yes or no and then the point of sale decides how to proceed. As the observant reader probably realized we just placed a lot of trust on the point of sale, the trusted chip is no longer master of our pin but must instead rely on the point of sale doing the right thing (which might be go to signature authentication). An obvious attack is having a point of sale that doesn’t do the right thing. It might go ahead with the transaction when a wrong pin pin is entered or delay printing the receipt a bit and issue a few extra transactions. But there’s another weak link on the system, the point of sale to chip communication goes through an unsafe interface, the chip contacts and point of sale reader. That’s what the researchers attacked, they inserted a device between the card and the point of sale that always reported “pin ok” coming from the chip (I won’t go into details about how to do this, it’s not trivial but it’s not very hard either). This type of attack wouldn’t even exist in our initial system. On our modified two operation system the attack wouldn’t work cause the attacker can’t just inject a known reply into the stream. In fact, it would only be possible to attack the chip-point of sale interface if the chip had a design flaw on the verification of the tokens. In all truth the EVM system does include some safeguards designed not to prevent but to report this kind of inconsistency. However this safeguards are so poorly designed and implemented they are not effective.
So by employing advanced cryptographic chip technology EMV ended up with something worse than the decades old magnetic strip cards. The problem with magnetic strips is they are easily copiable so someone using a “skimmer” that reads the card and intercepts the pin (recently some skimmers where found attached to ATMs and physically tampering a point of sale terminal to skim card is fairly easy) can easily create a duplicate of the skimmed card and then use it together with the skimmed pin. As mentioned before most currently used chip cards employ simple chips and are as easy to duplicate as magnetic strips. That together with the attack above make them less secure than strip cards. Newer Pin and chip cards can’t be skimmed but on the other hand a robber can use just the card without bothering with the pin. There’s even deeper problems with this system caused by having the two separate operations. The ability to coax the card into generating encoded commands allows someone with access to a large stack of cards (stolen, old discarded or blank unissued) to run something called a plain text attack. The attacker generates large quantities of encoded text from known plain text and then analyses the encoded text to try to derive knowledge about the encoding system. A successful attack may, depending on how well the system is engineered, compromise the whole system an allow havoc like easy card cloning.
Congratulations. If you read through the article and were able to follow you are now better at designing payment card systems than EMV. This kind of absurd failures are usually the result of committee design and pressures from manufacturers to make the system cheaper to build or less interoperable so that it generates vendor lock-in. In this case there was also no effective independent review, a key element in successful design of security systems. Sadly, the specification seems to cover so many usage possibilities and provides such latitude to proprietary implementations of key features by individual banks it would would be impossible to review. More distressing even is the EMV was probably never meant to be secure. It was meant to be marketed as secure to stop credit card signature fraud claims from stores. And it’s arcane enough to thwart any attempt to prove pin fraud so the end user is stuck with the cost of the frauds. In fact, the researchers claim to have been contacted by a number of pin fraud victims where the banks and EMV just claimed misuse of the card and never even investigated on grounds of the system being secure. Considering the simplicity of the attack I’m sure a number of criminal rings, who actually put resources into cracking this kind of systems, have known about this for quite some time. I’m also sure the laws the media and make-believe-security industries are trying to push to the effect of banning security research would also prevent us, the public, to ever know about this gapping flaws.
Looking forward, the researchers list some ways the system could be improved but are hard to implement in practice cause it would mean changing a number of existing systems. There’s another way which sheds signature verification altogether, making cards only create a valid transaction within a reasonable time after a successful pin authentication is performed. This would make the chip a bit more complex and more expensive so I’m sure the banks would never switch to this type of cards. After all, they already managed to shift the liability to the end user so why bother with actually protecting their customers ? Easy, market the cards that actually work bundled with a fraud insurance and obviously, an extra monthly fee.