PIN Entry Device (PED) vulnerabilities
The UK banking industry chose to deploy Chip & PIN cards that do not encrypt the data exchanged between the card and the PED during a transaction. By tapping these communications, fraudsters can obtain the PIN and create a magnetic strip version of the card to make ATM withdrawals in the UK and abroad. We examined two of the most popular PEDs used in the UK and found that cardholders are exposed to simple and cheap attacks.
Our investigations of why this failure took place also discovered flaws in the certification system which is supposed to protect customers. Overall responsibility for certification lies with the banking industry itself and the process of evaluation is hidden from the public. Despite our findings, none of the PEDs we examined are to be removed from service.
The full results of our study are to be published at the IEEE Symposium on Security and Privacy. An extended version of our paper is available online as technical report UCAM-CL-TR-711: "Thinking inside the box: system-level failures of tamper proofing". The key findings are summarised in our press release. Our work was featured on Newsnight, BBC2, 26 February 2008. A video of the segment is also available (alternate version: part 1 and part 2).
Following our November 2007 notification, in February 2008, we asked APACS, GCHQ, Visa, Ingenico, and Verifone a number of questions. Ingenico did not reply. The responses we did receive are:
Questions and answers
Why does the "tapping attack" work?
Data is not encrypted between the card and the PED. To initiate a transaction, the card sends its details to the PED. The PED also sends the customer's PIN to the card for verification. Both of these exchanges are unencrypted, and together contain enough information to create a fake card. This card, which has a correct magnetic strip but no chip, can be used in shops in countries which don't yet use Chip & PIN. It can also be used to withdraw cash from ATMs abroad, because the fraudster also has the correct PIN recorded. Fake cards may also work in some UK ATMs which still accept magnetic-strip only cards.
How can the attack be prevented?
The banks can do more to prevent such attacks. The more expensive DDA (Dynamic Data Authentication) cards allow the PIN to be encrypted, preventing it from being intercepted. Banks could also block magnetic strip transactions, but this would prevent use of cards abroad. They could also alter the copy of the magnetic strip stored on the chip, replacing it with an "iCVV". APACS states that all UK cards issued since January 2008 have an iCVV, but our own testing in February 2008 shows this not to be the case.
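The iCVV countermeasure above (also referred to in the answer on what customers can do) works because the chip's copy of the track data carries a verification value that differs from the one on the magnetic strip, so a strip written from tapped chip data fails issuer verification. The following is an added illustration, not code from the paper or from any issuer: it models the issuer-side check with HMAC-SHA256 standing in for the DES-based CVV algorithm, assumes the iCVV is derived with service code 999, and uses a constructed key and a standard test PAN.

```python
import hashlib
import hmac

# Constructed issuer key: stands in for the CVK pair of the real DES-based
# CVV algorithm (assumption; the page does not describe the derivation).
ISSUER_CVK = b"constructed-cvk-demo-key"
# Assumption: iCVV is derived like the stripe CVV but with service code 999,
# so a strip written from chip data carries the wrong value.
ICVV_SERVICE_CODE = "999"


def card_verification_value(pan, expiry_yymm, service_code, key=ISSUER_CVK):
    """3-digit verification value over PAN, expiry and service code.

    HMAC-SHA256 stands in for the DES-based CVV calculation; the inputs and
    the decimalisation to three digits mirror the real scheme.
    """
    msg = f"{pan}|{expiry_yymm}|{service_code}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return "".join(ch for ch in digest if ch.isdigit())[:3]


def personalise(pan, expiry_yymm, service_code, icvv):
    """Values written at issue: (strip CVV, CVV held in the chip's track copy).

    icvv=False models the pre-2008 UK cards described in the text, whose chip
    holds an exact copy of the strip; icvv=True models iCVV-compliant cards.
    """
    stripe_cvv = card_verification_value(pan, expiry_yymm, service_code)
    chip_cvv = (card_verification_value(pan, expiry_yymm, ICVV_SERVICE_CODE)
                if icvv else stripe_cvv)
    return stripe_cvv, chip_cvv


def verify_stripe_transaction(pan, expiry_yymm, service_code, presented_cvv):
    """Issuer-side check of a magnetic-strip transaction.

    Returns "approve", "decline:chip_data_on_stripe" (the presented value is
    the iCVV, i.e. the strip was built from chip data) or "decline:bad_cvv".
    """
    if hmac.compare_digest(presented_cvv,
                           card_verification_value(pan, expiry_yymm, service_code)):
        return "approve"
    if hmac.compare_digest(presented_cvv,
                           card_verification_value(pan, expiry_yymm, ICVV_SERVICE_CODE)):
        return "decline:chip_data_on_stripe"
    return "decline:bad_cvv"


if __name__ == "__main__":
    # Constructed card data (a standard test PAN); a cloned strip carries
    # whatever value the chip's track copy held.
    for icvv in (False, True):
        _, chip_cvv = personalise("4111111111111111", "0912", "201", icvv)
        print("iCVV card" if icvv else "legacy card", "->",
              verify_stripe_transaction("4111111111111111", "0912", "201", chip_cvv))
```

Run directly, the legacy card's clone is approved while the iCVV card's clone is declined with the tell-tale `chip_data_on_stripe` reason an issuer could alert on.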
When did you contact the banking industry?
In November 2007, we informed APACS, GCHQ, Visa, Ingenico, and Verifone (Dione) of our findings and sent them a draft copy of our paper stating that it would be released in January/February 2008. All except Visa acknowledged receipt, but we did confirm that Visa downloaded the paper from the address we sent them.
APACS were notified that Newsnight would be featuring our work on 21 February 2008. On Friday 22 February 2008, they asked us for some clarifications to our paper. This was over three months after our original notification in which we offered to answer any queries our work raised. Prior to this we received no requests for assistance. On 27 February 2008 we answered the questions APACS raised.
Is there anything that customers can do?
Perhaps, but not much. Since January 2008, some banks have issued iCVV compliant cards, which are less vulnerable to fraud. Customers could ask their bank to re-issue their card, to help defend against the attack we describe here, and other variants criminals are using.
Otherwise, there is not much customers can do. The Dione tap is hard to spot, and the Ingenico one is completely enclosed by the terminal.
Aren't PEDs and terminals supposed to be tamper-resistant?
Yes, but they aren't. The designers of the PEDs we examined failed to stop the simple attacks, and in fact the devices have curiously placed holes and contacts that make these attacks even easier. The PEDs do have some anti-tampering mechanisms (such as lid switches, sensor meshes and epoxy encapsulated hardware), yet they are mostly used to protect the banks' security rather than the cardholders'.
Who approved these PEDs?
Visa and APACS. Both PEDs we examined were approved by Visa, and the Ingenico was additionally approved by APACS. APACS and Verifone (the manufacturer of the Dione PED) have refused to tell us who evaluated the PEDs or let us see the reports. Ingenico has not responded to our questions.
The Ingenico PED is Common Criteria approved. What does this mean?
Not very much. Common Criteria is a system for certifying product security. It is operated by a network of government-appointed bodies, such as GCHQ in the UK or the NSA in the US. The Ingenico PED was not certified under this scheme and GCHQ has no knowledge of the device. It was actually certified by APACS on the basis of a secret report from an undisclosed laboratory.
Now that vulnerabilities are exposed, will the certification be withdrawn?
No. APACS are responsible for certifying the Ingenico terminal, and will not revoke the certification. Visa did not respond to our questions.
What may be the cause of these vulnerabilities?
There can be many causes. The primary cause, in our opinion, is the banks' lack of emphasis on the security of cardholder data, or the lack of the right incentive structure to improve security. If protecting customers were a higher priority then they would have spent the extra money on technologies such as PIN encryption and iCVV that make card cloning more difficult.
Wouldn't merchants detect tampered-with PEDs?
They might if they were trained to do so, but they aren't. There are also corrupt merchants, and staff may be coerced into installing tampered PEDs. The banks seem to assume that merchants are honest and base their security outlook on this incorrect assumption.
Why are you doing this work?
Previous documents have warned about the possibility of this type of attack, though we have not seen any action to stop it. There are cases currently in court in which criminals are accused of stealing eight-figure sums using tampered terminals, but these will remain sub judice until details become public. Meanwhile customers who complain about phantom withdrawals are just told that the banks' systems are secure.
We therefore bought the two most popular PEDs on eBay and analyzed them to see if they are as secure as claimed. Our intent is twofold: reducing fraud and empowering defrauded cardholders during disputes with banks. It seems that public pressure is the only effective way of pressuring the banking industry to adopt sound security practices.
How much does it cost to implement this attack?
Very little. As described in some detail in our paper, the basic attack tool is a paper clip. In order to record and analyze transactions a couple hundred pounds' worth of equipment is required, in addition to some digital design experience.
Aren't you helping criminals?
No. Criminals are already using tampered terminals to forge bank cards. We are not teaching them anything new. Detailed information on criminal activity has been kept out of the public domain by the sub judice rules. This leaves customers at a disadvantage when they complain, and lessens the pressure on vendors to design better terminals.
Security systems improve as vulnerabilities are disclosed to the people that can fix them. We privately informed the affected organisations of our findings over three months prior to public disclosure. The replies we received indicated that no immediate improvement to security will be made. The banking industry even argued that the attacks we describe will not adversely affect cardholders; we strongly disagree with that assessment.
Fraud is actually happening. Furthermore, prior work by other researchers and organisations already warned about the possibility of such vulnerabilities over the past three years, yet nothing has been done about it.