The smart card detective: a hand-held EMV interceptor
December 2012, 55 pages
This technical report is based on a dissertation submitted by the author for the degree of Master of Philosophy (Advanced Computer Science) to the University of Cambridge, Darwin College.
DOI: 10.48456/tr-827
Abstract
Several vulnerabilities have been found in the EMV system (also known as Chip and PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack against EMV using a fake terminal. Recently the same authors have found a method to successfully complete PIN transactions without actually entering the correct PIN. The press has published this vulnerability but they reported such a scenario as being hard to execute in practice because it requires specialized and complex hardware.
As proposed by Ross Anderson and Mike Bond in 2006, I decided to create a miniature man-in-the-middle device to defend smartcard users against relay attacks.
As a result of my MPhil project work I created a hand-held device, called Smart Card Defender (SCD), which intercepts the communication between smartcard and terminal. The device has been built using a low cost ATMEL AT90USB1287 microcontroller and other readily available electronic components. The total cost of the SCD has been around £100, but an industrial version could be produced for less than £20.
I implemented several applications using the SCD, including the defense against the relay attack as well as the recently discovered vulnerability to complete a transaction without using the correct PIN.
All the applications have been successfully tested on CAP readers and live terminals. Furthermore, I have performed real tests using the SCD at several shops in town.
From the experiments using the SCD, I have noticed some particularities of the CAP protocol compared to the EMV standard. I have also discovered that the smartcard does not follow the physical transport protocol exactly. Such findings are presented in detail, along with a discussion of the results.
Full text
PDF (2.8 MB)
BibTeX record
@TechReport{UCAM-CL-TR-827,
  author = {Choudary, Omar S.},
  title = {{The smart card detective: a hand-held EMV interceptor}},
  year = 2012,
  month = dec,
  url = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-827.pdf},
  institution = {University of Cambridge, Computer Laboratory},
  doi = {10.48456/tr-827},
  number = {UCAM-CL-TR-827}
}