Over the last decade or so, credit and debit cards used in Europe have migrated from “magnetic strip” cards – the kind of card generally used in the US, which is only capable of recording information – to “smart cards”, which contain both memory and a processor. These cards generally are used with a payment authorization system known as the EMV protocol (from Europay, MasterCard, and Visa), which under most circumstances requires the purchaser to insert the card into a reader, and then enter a PIN into a keypad on the reader. (The system has been branded as “Chip & PIN” in English-speaking countries.) The system was developed by the banks and card issuers, and sold to the public, as a way to improve security and decrease fraud.
A group of security researchers at the University of Cambridge, led by Professor Ross Anderson, has just published a draft paper (PDF), to be presented at the IEEE Security and Privacy Symposium in May, that demonstrates a fundamental flaw in the EMV protocol, and gives examples of successful attacks that exploit the flaw. The exploit is a “man in the middle” attack, which interposes additional processing between the smart card and the merchant’s terminal. (Although the demonstration apparatus involves a laptop PC and is thus fairly conspicuous, a miniaturized version would not be very difficult to construct.)
The attack is possible because, when the card is inserted into the terminal, there are actually several different authentication transactions going on:
- Card Authentication This assures the terminal that the card is authentic, that its data has not been tampered with, and identifies the issuing bank.
- Cardholder Verification This assures that the cardholder has entered the correct PIN, or that the merchant has verified the cardholder’s signature.
- Transaction Authorization This checks with the issuing bank to verify the transaction is approved: within the credit limit, card not reported stolen, and bank-specific fraud screening.
The vulnerability arises because there is no place in which all three steps are necessarily tied together. (The protocol has enough flexibility, or slop if you prefer, to allow an individual issuing bank to partially implement this check, but almost none of them do.) So, for example, the Transaction Authorization Step just accepts the merchant terminal’s statement that the PIN was entered correctly. And the terminal makes this claim based on a sub-protocol in which the terminal sends the entered PIN to the card, which compares it to an encrypted PIN stored on the card; the card then gives a OK/Fail response. The attack essentially tells the terminal that a correct PIN was entered, and tells the card that signature verification was successful, so they are both happy; and since the bank accepts their assurances, it’s happy too. The transaction receipt has the legend, “Verified by PIN”, so there is nothing to alert the merchant that something fishy is going on.
If the attack mechanism can be turned into a “product” (and I see no reason why that could not be done), this is a very big deal. There are several hundred million EMV smart cards in circulation, issued by several thousand different banks, and almost all of them are potentially vulnerable. Making a change to the protocol to fix this flaw would be a enormous undertaking. (It took the better part of 20 years to negotiate and agree the existing protocol in the first place.)
Another obstacle to resolving the problem is our old friend, the economic externality. One of the banks’ goals in introducing the system was to shift the liability for fraudulent transactions to someone else: to the merchant, in the case of transactions authenticated by signature, and to the cardholder, in the case of transaction authorized by PIN. This shift has been largely successful, so that now, the parties who control and deploy the system (the banks) have the least direct incentive to fix the problem.
Interestingly, the attack will not work if the EMV smart card is used as an ATM card, to withdraw cash. In that case, the PIN is verified online against the bank’s database, so the man-in-the-middle attack is not feasible. One of the reasons this is not done for other (e.g., retail) transactions is that, at the time the EMV standard was being developed, data communications services, typically provided by the state-owned telephone utility, were expensive and hard to get. That meant that fraud with lost or stolen card was a much bigger problem than it was in the US, where virtually every merchant’s terminal for magnetic-stripe card had at least a dial-up connection for transaction authorization.
Update Tuesday, February 16, 16:00 EST
There is a blog post at the BBC site with a video of the attack demonstration.