Two Cambridge researchers have devised a relay attack with a hacked chip and PIN terminal that could enable attackers to bypass bank card security measures.
Saar Drimer and Steven Murdoch, members of the Cambridge University Computer Laboratory, demonstrated in January how they could modify a supposedly tamper-proof chip and PIN terminal to play Tetris. They have now extended the hack to demonstrate how they can compromise the system by relaying card information between a fake card and a genuine one.
Chip and PIN, introduced last year, is a security measure in which a customer must enter a four-digit code when they use a credit or debit card. The researchers argue that the system is not as secure as the banking industry claims.
Details of the prototype attack were released on Monday. In it, Drimer and Murdoch demonstrate how a chip and PIN system could be compromised to steal diamonds.
How the scam works
In the scenario, as explained to ZDNet UK by Drimer, a customer attempts to pay a restaurant bill. They enter their card details into a terminal that looks real, but has actually been tampered with. It is not connected to their bank, but instead to a laptop in the restaurant.
The terminal is completely under the control of a criminal, who has modified the hardware to relay the card information to the laptop of an accomplice, for example in a jewellery shop across town. This laptop can receive the information relayed from the legitimate card in the restaurant, and is connected to a modified bank card.
In the prototype system built by Drimer and Murdoch, the chip has been removed from the modified card, and wires to the card run up the sleeve of an attacker and connect to the laptop in a rucksack. Such a setup could arouse suspicion if detected, but the researchers believe it is possible to make the card more difficult to detect by using an RFID chip which could communicate wirelessly with the laptop.
The laptop is linked to a second laptop back in the restaurant by a GSM connection. Wi-Fi could potentially be used instead, the researchers said.
The victim places their card into the modified terminal and enters their PIN, and the criminal texts their accomplice, who is at a jeweller's shop, to start the heist. The accomplice enters the fake card into the jeweller's terminal. All transactions from the jeweller's terminal are relayed via the fake card, laptops, and fake terminal to the legitimate card.
This links the jeweller's terminal to the victim's bank. As the criminal controls the terminal in the restaurant, they can make it display that the victim will pay £20, when in reality the victim is being charged £2,000 at the jeweller's for a diamond ring.
During this relay attack the criminal doesn't need to hack into any systems or run any decryption, as data is simply being relayed from one terminal to another.
The researchers were unwilling to reveal too much of the technology behind the attack, as they don't want their methods falling into the wrong hands. Nevertheless, they were able to tell ZDNet UK that they used a Field Programmable Gate Array (FPGA) — a semiconductor device containing programmable logic components and programmable interconnects — in the fake card.
"The restaurant patron has got their meal for free, as the £20 has never been charged," Drimer told ZDNet UK. "But they will have been charged £2,000 at the jeweller's."
Drimer claimed the fraud would be difficult for police to trace, as the victim might only notice once they received a bank statement. They would need to remember where they were when the fraud occurred, as the transaction would show from the jeweller's, not the restaurant.
"A criminal could have a fast turnaround from this type of attack — most likely it would not be detected," said Drimer.
Finding a fix
This kind of attack could be difficult to execute in practice. One problem is that the victim's card must remain inside the fake terminal for the duration of the transaction. Also, the accomplice can't begin the transaction until the victim's card is being processed, which could arouse suspicion.
The researchers have developed methods to counteract this type of attack. They said that the most successful method was to extend the EMV protocol so that the terminal could detect how far away the real card was in the transaction.
They did this by adding an extra step to the protocol the card uses to talk to the terminal. Normally there's a cryptographic handshake — the terminal sends a random number to the card, the card encrypts the number together with some other details, and sends it back to the terminal.
The extra step the researchers added is that the terminal sends the card a single bit challenge — a 0 or 1 — and the card responds in kind. The terminal can record how much time elapsed between sending and receiving the response, which would be a few nanoseconds in a normal transaction.
As the attacker can't relay information faster than the speed of light, an upper limit on the response time puts an upper bound on how far the card can be from the terminal.
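The following is an added worked example, not code from the article or from Drimer and Murdoch, of how a terminal could apply the distance-bounding step just described: the card and terminal first agree a nonce, both derive a sequence of response bits from it, the terminal then issues single-bit challenges and times each round trip, and finally it checks both that every answer is correct and that the round-trip time stays under the limit implied by the speed of light. The key derivation (SHA-256 over a shared secret and nonce), the XOR answer rule, the processing-delay allowance and the sample timings are all assumptions for illustration, not the researchers' actual protocol.

```python
import hashlib
import secrets

# Speed of light in metres per nanosecond (rounded); the physical bound the
# terminal relies on, since no relay can deliver a bit faster than this.
C_M_PER_NS = 0.2998


def derive_response_bits(shared_secret: bytes, nonce: bytes, n_bits: int) -> list[int]:
    """Card and terminal both derive the same response bits from the shared
    secret and the nonce exchanged in the normal handshake (assumed construction)."""
    digest = hashlib.sha256(shared_secret + nonce).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(n_bits)]


def max_distance_m(round_trip_ns: float, card_processing_ns: float) -> float:
    """Largest card-to-terminal distance consistent with an observed round trip,
    after subtracting the time the card is allowed for processing.
    One way is half the remaining round trip, at the speed of light."""
    return max(0.0, (round_trip_ns - card_processing_ns) / 2.0 * C_M_PER_NS)


def simulate_exchange(shared_secret: bytes, nonce: bytes, challenges: list[int],
                      distance_m: float, card_processing_ns: float,
                      relay_latency_ns: float = 0.0):
    """Model the card side: answer each challenge bit with response_bit XOR
    challenge_bit (illustrative rule) and report the round-trip time the
    terminal would see. relay_latency_ns models an attacker's laptop/GSM path."""
    response_bits = derive_response_bits(shared_secret, nonce, len(challenges))
    answers = [response_bits[i] ^ c for i, c in enumerate(challenges)]
    round_trip_ns = 2.0 * distance_m / C_M_PER_NS + card_processing_ns + relay_latency_ns
    return answers, round_trip_ns


def terminal_verify(shared_secret: bytes, nonce: bytes, challenges: list[int],
                    answers: list[int], round_trip_ns: float,
                    allowed_distance_m: float, card_processing_ns: float):
    """Terminal side: accept only if every bit is the expected one AND the
    implied distance is within the allowed bound. Returns (ok, reason)."""
    expected = derive_response_bits(shared_secret, nonce, len(challenges))
    if len(answers) != len(challenges):
        return False, "wrong number of answers"
    for i, (c, a) in enumerate(zip(challenges, answers)):
        if a != expected[i] ^ c:
            return False, f"bad response at bit {i}"
    distance = max_distance_m(round_trip_ns, card_processing_ns)
    if distance > allowed_distance_m:
        return False, f"card at most {distance:.1f} m away, limit {allowed_distance_m} m"
    return True, f"card within {distance:.2f} m"


if __name__ == "__main__":
    # Constructed sample values: a 16-byte shared secret and a fresh nonce.
    secret = b"constructed-key!"
    nonce = secrets.token_bytes(8)
    challenges = [secrets.randbits(1) for _ in range(64)]
    limit_m, proc_ns = 1.0, 10.0

    # Genuine card in the terminal's slot, about half a metre of wiring.
    ans, rtt = simulate_exchange(secret, nonce, challenges, 0.5, proc_ns)
    print("genuine:", terminal_verify(secret, nonce, challenges, ans, rtt, limit_m, proc_ns))

    # Relayed card: correct bits, but each round trip crosses a laptop and a
    # GSM link (assumed 50 ms of latency), which the distance bound exposes.
    ans, rtt = simulate_exchange(secret, nonce, challenges, 0.5, proc_ns,
                                 relay_latency_ns=50_000_000)
    print("relayed:", terminal_verify(secret, nonce, challenges, ans, rtt, limit_m, proc_ns))
```

The point of the check is that the relay is caught without any cryptanalysis of its own: the relayed answers are bit-for-bit correct, but the round trip is millions of times longer than a card a few centimetres away could produce, so the terminal rejects on timing alone. In practice the allowed distance must leave margin for the card's processing jitter, which is why `card_processing_ns` is subtracted before the bound is applied.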
The researchers' goal was to prove that chip and PIN systems are not infallible.
"Chip and PIN currently does not defend against this attack, despite assertions from the banking community that customers must be liable for frauds in which the PIN was used," said the researchers, in an as-yet-unpublished paper.
"When customers pay with a chip and PIN card, they have no choice but to trust the terminal when it displays the amount of the transaction. The terminal, however, could be replaced with a malicious one, without showing any outward traces. When the customer pays for a low-value product and enters the PIN into the terminal, the challenge from a different shop selling a far more expensive product could be relayed to the card. The PIN and response from the card could likewise be relayed back to the other shop, which will accept the transaction," the researchers warned in their paper.