Magical things from my head and the Web
PROBE MY SOUL (and/or my butt) http://formspring.me/davewilliams
Here is how I think that Chip & PIN should work. Every part of the system should be considered untrusted, with the potential exception of the firmware on the card itself.
Why do I like this?
However, the crypto required to make this even vaguely secure has been considered too much effort by the financial institutions. The system actually works something like this:
Yup, that’s right. The reader sends the card the entered PIN, the comparison is done on-card (which is at least better than the card sending the PIN and doing the comparison on-reader, I suppose). Then the card sends the reader back a non-cryptographic, completely replayable hex string to permit the transaction.
The attack described here works, very simply, by replaying 0x9000 at the right time. The card reader then quite happily lets the POS terminal (and the bank) know that the transaction has been verified, prints ‘Verified by PIN’ on the receipt, and voila.
This is actually a lot more sinister than it sounds, because under the terms of Chip & PIN, if a transaction is verified by PIN…the risk rests on the consumer, not the bank or merchant. If you are defrauded with this attack, you are responsible for the loss.
Not cool.
Chip & PIN has done a lot of good. Fraud has gone down. That said, the current strategy of responding to this attack by sticking grubby fingers in corporate ears and pretending it doesn’t exist is not the right way to deal with a threat to your technology.
Solutions are out there, and they’re not even particularly hard to implement. If you’re going to blame customers when they’re defrauded, you’d better have a bloody good idea that your system is both secure enough and capable of being fixed when (not if) attacks are discovered.
