Department of Computer Science and Technology

Technical reports

The smart card detective: a hand-held EMV interceptor

Omar S. Choudary

December 2012, 55 pages

This technical report is based on a dissertation submitted by the author for the degree of Master of Philosophy (Advanced Computer Science) to the University of Cambridge, Darwin College.

DOI: 10.48456/tr-827


Several vulnerabilities have been found in the EMV system (also known as Chip and PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack against EMV using a fake terminal. Recently the same authors have found a method to successfully complete PIN transactions without actually entering the correct PIN. The press has published this vulnerability but they reported such a scenario as being hard to execute in practice because it requires specialized and complex hardware.

As proposed by Ross Anderson and Mike Bond in 2006, I decided to create a miniature man-in-the-middle device to defend smartcard users against relay attacks.

As a result of my MPhil project work I created a hand-held device, called Smart Card Defender (SCD), which intercepts the communication between smartcard and terminal. The device has been built using a low cost ATMEL AT90USB1287 microcontroller and other readily available electronic components. The total cost of the SCD has been around £100, but an industrial version could be produced for less than £20.

I implemented several applications using the SCD, including the defense against the relay attack as well as the recently discovered vulnerability to complete a transaction without using the correct PIN.

All the applications have been successfully tested on CAP readers and live terminals. Furthermore, I have performed real tests using the SCD at several shops in town.

From the experiments using the SCD, I have noticed some particularities of the CAP protocol compared to the EMV standard. I have also discovered that the smartcard does not follow the physical transport protocol exactly. Such findings are presented in detail, along with a discussion of the results.

Full text

PDF (2.8 MB)

BibTeX record

  author =	 {Choudary, Omar S.},
  title = 	 {{The smart card detective: a hand-held EMV interceptor}},
  year = 	 2012,
  month = 	 dec,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  doi = 	 {10.48456/tr-827},
  number = 	 {UCAM-CL-TR-827}