Solder a 0.3mm chip onto a credit card and Chip-and-PIN is yours to pwn


#1

[Read the post]


#2

“Fraudster” sounds so cute, almost like an antique car or a comedy routine.


#3

So, if my fingers are feeling a little shaky, how long before I can order these in units of 1000 from my favorite Pacific Rim cheap 'n cheerfuls?

If an attack actually requires artisinal fraud gnomes to carry out, it’s likely to be small scale enough to be written off as a cost of doing business(just as CC companies have done with the even weaker mag-stripe situation: keep watch for oddities to clamp down before the numbers get too high and write off the rest); but if stolen chip cards are being shipped by the bale for rework(given that removing and re-balling, then selling, SoCs and application processors is something that people can actually live on in manufacturing hubs, I imagine that the per-card cost will be damn low) and then brought back for use, they have a problem.


#4

They’re all switching to contactless now anyway, so as long as someone holds your card, they can spend up to £30 without any need for authorisation. So there’s that.


#5

Wait, a min hold the phone.

The CARD authenticates the PIN + User rather than the remote bank?

What the heck? Why isn’t the PIN HMAC’ed by the card and sent to the remote system?

Why would any reasonable cryptographer even suggest a protocol like that? Why was this trade-off made?


#6

Or $100 CAN.


#7

If memory serves, the role of the PIN in proper smartcard authentication is reasonably sensible(the smartcard IC contains the actual cryptographic token, and is supposed to never reveal it, just prove knowledge of it by challenge/response), while the PIN is just a minor anti-theft feature(it’s entirely unrelated to the actual cryptographic challenge/response; but the smartcard will refuse to perform any challenge/response auth unless provided with the correct PIN), designed to keep mere physical possession of the smartcard from being sufficient. Basically the same thing as GPG key passphrases: the actual security is in the GPG key’s cryptographic goodness; the passphrase just makes it somewhat harder for somebody who snags the keyfile to immediately start using it.

I’m not sure how much violence to this basic concept the payment card people did in the process of implementing their thing, however.


#8

Right – but it looks like they put a shim chip in there, that allows the card authentications step to proceed, but then fakes the pin authentication step, and proceeds to the transaction authentication step.

If the PIN was encrypted by the card and transmitted along with the transaction to the bank, the bank could decrypt it and verify it, and only approve the transaction then.

Part of deploying a card would be installing the public key of the bank’s private key on that card.


#9

#10

Time is money. There is a measurable cost to making the customers wait that much longer for a proper round trip authentication.


#11

It seems bizarre (and stupid) to trust the card to tell you whether or not the person holding the card has entered the correct PIN. You might as well just abandon the PIN altogether and ask the cardholder IS THIS YOUR CARD? [Y/N]

I didn’t see any info regarding the validity of the cards themselves (whether they were legit, stolen cards or dummy cards with a stolen card number written to the mag stripe), but this whole deal seems to suggest that you’re not truly safe as long as you’re handing out your actual card number, and further reinforces the value of systems that only hand out one-time card numbers (Apple Pay and its ilk).


#12

That’s a lot of Tim Hortons!


#13

I am so sad they’re getting rid of Canadian Tire money!
Its the oldest customer loyalty program in Canada, but its untrackable, so useless for marketing or modern retail methods. Now we’re getting a generic points card… and what about all those charities that depend on Canadian Tire money donations? Can we now donate points? Bah! Some things about the digital age piss me off!


#14

The United States is not getting Chip+PIN cards. No worries there!! Nope. The banks have decided we don’t want anymore PINs. We are getting Chip & Sign. When you use the card, you sign the pad, just like with the cards with strips. Also means a thief with your card can just squiggle anything and not have to doctor up the card like them Belgian thieves.

I oftentimes sign the pad with a smiley face.

Note to Americans going elsewhere - your chip card will work, but instead of entering a PIN, you get a piece of paper to sign. Not a big deal, but it does prevent you from using your credit card at automated machines more often than not, like at unmanned gas stations.


#15

Canadian money is issued by tire shops instead of banks? Cool!


#16

The pin is verified on the card to deal with times where you can’t access the bank - e.g. a moving train or plane will have periods without signal.

The card verifying the pin isn’t necessarily a bad thing, however the fact that the response apparently doesn’t need signing with something allows man in the middle attacks like this.

Security is hard. Anyone can write a system they cannot break. Writing one that no one else can is very tricky


#17

Security his hard, but verifying the PIN on the piece of equipment that can easily be faked is stupid. It’s the whole DRM thing all over again. If you give someone a DRM’d file, then you will always be able to break the DRM, usually pretty easy. It’s much safer to make people play on your servers, and check all their authentications with the hardware you own. That’s why CS:GO doesn’t really have much of a problem with people trying to play for free with a cracked copy of the game, while downloaded music and video with DRM baked into the file is essentially pointless.


#18

I did encounter one place in Australia a few years ago where the cashier was confused by the idea that my (Anerican) credit card didn’t have a PIN.

Also, recently I went to a pharmacy in the Netherlands that only took Mastercard (odd), which unfortunately at the time was the only one of my credit cards not to have a chip, so I had to go to the ATM and pay a worse exchange rate. The next morning I got an email that the issuer had just mailed me a chip enabled card.


#19

Also, it’s easier to design a lock which cannot be opened at all, than one which can only be opened by a specific party.

I prefer the former.


#20

ಠ_ಠ

Everyone knows, Everyone. If they have physical access to the hardware, you cannot trust it hasn’t been compromised. WTF were they thinking trusting the card?