EMV flaw allows 'pre-play' attacks on chip-enabled payment cards
Cambridge university researchers find weaknesses in the EMV protocol that can facilitate cloning-like attacks for chip-and-PIN payment cards
IDG News Service - Many automated teller machines (ATMs) and point-of-sale (POS) terminals fail to properly generate random numbers that are required by the EMV protocol to securely authenticate transaction requests, according to a team of researchers from the University of Cambridge in the U.K.
The use of defective random number generation algorithms make those payment devices vulnerable to so-called "pre-play" attacks that allow criminals to send fraudulent transaction requests from rogue chip-enabled credit cards, the researchers said in a paper released Tuesday.
The EMV (Europay, MasterCard and Visa) standard requires the use of payment cards with integrated circuits that are capable of performing specific cryptographic functions. These cards are commonly known as chip-and-PIN cards, EMV cards or IC (integrated circuit) cards.
EMV-compliant devices need to generate so-called "unpredictable numbers" (UNs) for every transaction request in order for the card issuers to verify the "freshness" of these requests.
Older versions of the EMV specification didn't provide clear instructions for how these random numbers should be generated and only required that payment devices generate four different consecutive UNs to be compliant.
"So, if you're a programmer, you can implement this as a counter," said Ross Anderson, professor of security engineering at Cambridge University and one of the paper's authors. "We found ATMs and PoS terminals where this is what they [the manufacturers] seem to have done."
The researchers analyzed UNs generated for over 1,000 transactions by 22 different ATMs and 5 PoS terminals in the U.K. and searched for patterns that would suggest the use of weak random number generation algorithms by those devices. They also reverse engineered ATMs acquired from eBay to inspect their UN generation algorithms.
When a payment device wants to initiate a transaction it sends the transaction details -- the amount, the currency, the date of the transaction, etc. -- to the EMV card inserted in its card reader together with a UN generated on the fly.
The card uses a secret encryption key that is securely stored on its chip to compute an authorization request cryptogram (ARQC) from the transaction data and the UN. The payment device then sends this cryptogram together with the encrypted PIN and the UN in plain-text form to the card issuing bank for verification.
The bank decrypts the ARQC and validates the information inside. It also compares the UN found inside the cryptogram with the plain-text one and if they match, it treats the transaction as fresh and authorizes it.
The payment device could end up generating predictable numbers instead of random ones due to a bad design, Anderson said.
It is better for the bank to generate the UN and send it to the card, he said. Then the card would use the unpredictable number and the transaction details to compute an ARQC, which would be sent back to the bank for verification.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts