Chip & PIN is definitely broken Credit Card skimming ... - CanSecWest

Chip & PIN is definitely brokenCredit Card skimming and PIN harvestingin an EMV worldAndrea BarisaniDaniele BiancoAdam LaurieZac FrankenCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

What is EMV?EMV stands for Europay, MasterCard and VISA, the globalstandard for inter-operation of integrated circuit cards (IC cardsor "chip cards") and IC card capable point of sale (POS) terminalsand automated teller machines (ATMs), for authenticating creditand debit card transactions.IC card systems based on EMV are being phased in across theworld, under names such as "IC Credit" and "Chip and PIN".Source: WikipediaCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Why EMV?ICC / smartcardimproved security over existing magnetic stripe technology“offline” card verification and transaction approvalmultiple applications on one cardCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Liability shiftliability shifts away from the merchant to the bank in mostcases (though if merchant does not roll EMV then liabilityexplicitly shifts to it)however the cardholder is assumed to be liable unless theycan unquestionably prove they were not present for thetransaction, did not authorize the transaction, and did notinadvertently assist the transaction through PIN disclosurePIN verification, with the help of EMV, increasingly becomes“proof” of cardholder presenceCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Liability shiftVISA Zero Liability fine print (US):Does not apply to ATM transactions, PIN transactions not processed by Visa, orcertain commercial card transactions. Individual provisional credit amounts areprovided on a provisional basis and may be withheld, delayed, limited, orrescinded by your issuer based on factors such as gross negligence or fraud,delay in reporting unauthorized use, investigation and verification of claim andaccount standing and history. You must notify your financial institutionimmediately of any unauthorized use. Transaction at issue must be posted toyour account before provisional credit may be issued. For specific restrictions,limitations and other details, please consult your issuer.Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV adoption03/2006 EPC Card Fraud Prevention Task Force presentation:“Ban of magstripe fallback foreseen (date to be decided)”as of 03/2011 magstripe fallback is still accepted pretty mucheverywhereCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV is brokenS. J. Murdoch, S. Drimer, R. Anderson, M. Bond, “Chip and PINis Broken” - University of Cambridgethe excellent group of researchers from Cambridge provedthat stolen cards can be successfully used without knowing thePINthe industry claims difficult practicality of the attacks, at leastone bank rolled out detection/blocking proceduresCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Skimming, Cloning and PIN harvestingskimmer: hidden electronic device that intercepts card terminal communication and collects available datawe analyze the practicality of credit card informationskimming, cloning and PIN harvesting on POS terminalswe intentionally ignore magstripe skimming (which is stilleffective and widely used) and focus on the chip interfaceCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

ATM skimmersCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV skimmerswe predict that skimming the chip will become an extremelyappealing target to fraudstersthe chip interface is inherently accessibleit becomes impossible for the user to verify if the terminal hasbeen tampered as the chip interface is not visible (unlike mostmagstripe one for POS terminals)an EMV skimmer could go undetected for a very long timeand requires little installation effortCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV skimmertrivial installation by “hooking” with a special cardpowered by the POS itselfdata can be downloaded with a special card recognized by theskimmerlittle development effort + cheapCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV smartcardsinformation is stored on a filesystem organized in applications,files and recordsthe terminal talks to the card via APDU messages for readingrecords and issuing commandsExamples:00A404000E315041592E5359532E4444463031

Terminal ICC exchange1 | initiate application processing2 | read application data3 | offline data authentication (if indicated in the AIP)4 | cardholder verification (if indicated in the AIP)5 | issuer script processingCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Read application datastored with BER-TLV templates and read by the terminal, someexamples:tag name----|----------------------------------------4f Application Identifier (VISA)5f2d Language Preference (itenfrde)9f1f Track 1 Discretionary Data57 Track 2 Equivalent Data5f25 Application Effective Date5f24 Application Expiration Date5a Application PAN (credit card number)8e Cardholder Verification Method (CVM) List5f20 Cardholder Name9f36 Application Transaction Counter (ATC)9f17 PIN Try CounterCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV application data - magstripe cloneThe CVV (228) matches the magstripe one only for cards that donot use iCVV (a different stored value to protect against thisattack, introduced in January 2008 but not present on all cards)Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV application data - magstripe clonewhile the service code on the magstripe might indicate thatthe chip must be used, inserting a card without a readablechip will trigger magstripe fallback on all tested terminalsEMV skimmers cannot clone successfully to magstripe if iCVVis usedhowever it is fair to say that the possibility of massiveharvesting + being protected by a 3 digits code is not acomforting scenarioCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

EMV application data - online usageapplication data can be used to perform Card Not Presenttransactions (online, phone, ...) with parties that do not checkCard Security Code (CVV, CVV2, ...) and do not employ 3-Dsecure (Verified by Visa, MasterCard SecureCode also knownas phishing heaven)if you think that the amount of websites that do not check thesecurity code is negligible...think againironically one of the authors has been defrauded on such siteswhile this presentation was being written...Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

optional security codeCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Offline data authenticationdepending on the chip technology three methods areavailable: Static Data Authentication (SDA), Dynamic DataAuthentication (DDA), Combined Data Authentication (CDA)used by the terminal to validate the authenticity of the cardenables offline transactions where supportednever used by ATM (always online)Visa and MasterCard mandate all cards issued after 2011 touse DDACopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Static Data Authentication (SDA) cardscheapest and most widely used technologyselected records (advertised by the card and customized bythe issuer) are signed with a static signaturesymmetric key is used for online transactionsoffline PIN verification is always cleartext8f: Certificate Authority Public Key Index (PKI)90: Issuer PK Certificate9f32: Issuer PK Exponent92: Issuer PK Remainder93: Signed Static Application DataCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Dynamic Data Authentication (DDA) cardschip is more expensive, rare usage as of 2011static data validation (against hash within certificate)dynamic data validation, terminal asks the card to sign data +random number with ICC PKICC PK embeds PAN (limiting private key usage to this card)offline PIN verification can be cleartext or enciphered8f: Certificate Authority Public Key Index (PKI)90: Issuer PK Certificate 9f46: ICC PK Certificate9f32: Issuer PK Exponent 9f47: ICC PK Exponent92: Issuer PK Remainder 9f48: ICC PK Remainder9f49: Dynamic Data Authentication Data Object List (DDOL)Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Chip cloningSDA cards can be cloned and used without PIN for offlinetransactions only (“Yes” card)DDA cards clone ineffective for offline and online transactions,however a valid DDA card can be used to pass offlineauthentication and perform fake offline transaction (not tiedto the authentication)offline transactions are rare in EUCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Threatsdata stealing: we discussed EMV skimming usage formagstripe cloning and online usagecard stealing: Cambridge research shows that stolen cards canbe used without PIN, hopefully this attack will be fixeddoes state of the art EMV usage really protect against PINharvesting and therefore the use of stolen cards?Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Cardholder verificationthe card advertises to the terminal the cardholder verificationmethod preference via the CVM List (tag 8E)Cardholder Verification Method (CVM) Condition Codes-----------------------------------------------------------------------------------------------------------------------------Bits Meaning Value8 7 6 5 4 3 2 10 RFU N/A0 Fail cardholder verification if this CVM is unsuccessful N/A1 Apply succeeding CV rule if this CVM is unsuccessful N/A0 0 0 0 0 0 Fail CVM processing 00 or 400 0 0 0 0 1 Plaintext PIN verification performed by ICC 01 or 410 0 0 0 1 0 Enciphered PIN verified online 02 or 420 0 0 0 1 1 Plaintext PIN verification by ICC and signature (paper) 03 or 430 0 0 1 0 0 Enciphered PIN verification by ICC 04 or 440 0 0 1 0 1 Enciphered PIN verification by ICC and signature (paper) 05 or 450 0 0 1 0 1 Enciphered PIN verification by ICC and signature (paper) 05 or 450 x x x x x Values in range 000110 – 011101 reserved for future use 06-1D/16-5D0 1 1 1 1 0 Signature (paper) 1E or 5E0 1 1 1 1 1 No CVM required 1F or 5F1 0 x x x x Values in range 100000 – 101111 reserved for future use 20-2F/60-6F1 1 x x x x Values in range 110000 – 111110 reserved for future use 30-3E/70-7E1 1 1 1 1 1 Not available 3F or 7FCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

CVM Listthe CVM List is nowadays signed on all cards, therefore it isbelieved to be tamper proofif the preferred authentication method is Signature (paper),Enciphered PIN verified online or Enciphered PINverification by ICC then the PIN is not sent by the terminalto the cardit is believed that only when Plaintext PIN verificationperformed by ICC is present and selected from the CVM Listthe PIN can be harvested by the EMV skimmerCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Action Codesassuming a scenario with DDA only cards and a “secure” CVMList can we still harvest the PIN ?Issuer Action Codes (card) and Terminal Action Codes(terminal) specify policies for accepting or rejectingtransactions (using TVR specifications)Issuer Action Codes and Terminal Action Codes are OR'edthree kinds: Denial, Online, Default; the Online Action Codesspecify which failure conditions trigger online transactionsCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Action Codes Example9f0e Issuer Action Code - Denial (5 bytes): 00 00 00 00 009f0f Issuer Action Code - Online (5 bytes): f0 78 fc f8 009f0d Issuer Action Code – Default (5 bytes): f0 78 fc a0 00translation: “do not deny a transaction without attempting togo online, if offline SDA fails transmit the transaction online”in all tested terminals / cards we were able to manipulate theaction codes (when necessary) so that tampering with theCVM List would not result in offline rejectionCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

CVM List downgradethe modified CVM List is honoured by the terminal whichmeans that Plaintext PIN verification performed by ICC canbe presented enabling PIN harvesting for SDA/DDA cardsCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

transaction log: card with online PIN verification00a4040007a0000000031010 Select AID (VISA)00c0000027Get additional data80a80000028300Get processing options00c0000010Get additional data00b2010c00Read data files...00b2010c4000b201140000b20114c300b202140000b20214b200b2011c0000b2011c5200b2021c0000b2021c4580ae80001d...Generate AC (online transaction)...Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

transaction log: same card with tampered CVM00a4040007a0000000031010 Select AID (VISA)00c0000027Get additional data80a80000028300Get processing options00c0000010Get additional data00b2010c00Read data files...00b2010c4000b201140000b20114c300b202140000b20214b200b2011c0000b2011c5200b2021c0000b2021c4580ca9f1700Get PIN try counter (unknown length)80ca9f1704Get PIN try counter (corrected length)0020008008241234ffffffffff Verify PIN (1234)80ae80001d...Generate AC (online transaction)...Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Backend detection8 7 6 5 4 3 2 1 Bits---------------------------------------------------------------------Terminal Verification Results (5 bytes, byte 1 shown)1 0 0 0 0 0 0 0 Offline data processing was not performed0 1 0 0 0 0 0 0 SDA failed0 0 1 0 0 0 0 0 ICC data missing0 0 0 1 0 0 0 0 Card number appears on hotlist0 0 0 0 1 0 0 0 DDA failed0 0 0 0 0 1 0 0 CDA failed---------------------------------------------------------------------CVM Results (3 bytes, byte 3 shown)0 0 0 0 0 0 0 0 unknown0 0 0 0 0 0 0 1 Failed0 0 0 0 0 0 1 0 SuccessfulCopyright 2011 Inverse Path S.r.l.CVM Results byte 1: code of CVM PerformedCVM Results byte 2: code of CVM ConditionChip & PIN is definitely broken

Backend detectionthe attack execution might be detected by the backend (via the TVRand CVM Results advertising failed data authentication andcleartext CVM) but blocking a card solely on this information doesnot feel like a realistic solutiona downgraded CVM List with offline PIN + fallback to online PINmight be used to “hide” cleartext CVMR by relaying the wrong PINfor the first CVM (however the customer would be prompted twice)(untested) it would be also possible for the skimmer to advertise astored valid SDA card with convenient CVM List for theauthentication phase, and using the real card for the transactiononly, this would result in “clean” TVR (for DDA too) and CVM ResultsCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Summaryan EMV skimmer poses a serious threat due to ease of installationand difficult detectionEMV data allows fraudulent usage on websites that performinsufficient validation (as well as magstripe clone for cards that donot use iCVV)the PIN can be always intercepted despite card type and CVM /Issuer Action Codes configurationstealing an EMV chip & pin card that was previously skimmedenables full usage and raises serious liability considerationsCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

Recommendationsdespite industry claims about reduced fraud levels in ouropinion EMV is inadequate and overly complex, it should bereplaced with a simpler and cleaner solutioncorrectly implemented crypto should be performed betweencard backend (online) or card terminal (offline) fordouble authentication and preventing interception/man-inthe-middleattacks for every single step of the transactionterminals cannot be trusted, PIN input and verification shouldbe confined on the card itself (e-ink scrambled touchpad)Copyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken

http://www.inversepath.comhttp://www.aperturelabs.comsponsored by:http://www.integra-group.itCopyright 2011 Inverse Path S.r.l.Chip & PIN is definitely broken