Primero_247
Carder
Hallo All,
I'd like to tell You something in POS skimming but first..
I'm student of electronics and mechanisms, I can offer You some knowlage.. nowadays/soon ATM skimming will be more risky, Police and Depatments hardly working and Banks teaching customers how recognize skimmers and fake keypads or hidden cameras. Lets start the article, if somebody would like some help in that should contact me via email or pm.
Introduction
The EMV1 protocol suite hxxp: the technology underlying "Chip and PIN" hxxp: has now existed in one form or another for over ten years, though it has only been deployed in Europe for less than two years. Over this period there have been plenty of hypothetical attacks and fixes to the protocol in turn, yet it is only since deployment that there has been enough clarity to fully explore possible weaknesses both at a design and implementation level. In this paper, we look at the big picture of EMV, exploring the feasability of attacks exploiting the fundamental shortcoming of smartcard-based systems hxxp: lack of a trusted user interface. We then look at technical errors in the detail, specifically at how the bank's security API to receive and process messages from chip cards implements the required functionality; we show that several vendors have tripped up here. Finally we consider brand new attack modes that may become important in the future (once the easier vulnerabilities have been counteracted), specifically looking at combining technical sabotage attacks with the ever-problematic phising phenomenon. We hope that this whistle-stop tour shows that whilst EMV is undeniably a robust and secure payment protocol at heart, there is so much matter and
(*) EMV is named after the original contributing corporations: Europay, Mastercard and Visa
complexity around the edges to get wrong that there will be plenty to keep the criminals fed and watered in the future; we look forward in particular to phish and chips ! Section 2 of this paper describes eavesdropping and relay attacks, section 3 describes API attacks at the back end, and section 4 considers phishing attacks. We conclude in section 5.
2 Eavesdropping & Relay Attacks
While a smartcard is a very convenient form-factor to carry, it lacks a trusted user interface, unlike for instance a mobile phone. This means the PIN cannot be provided directly to the card, so there is the possibility of eavesdropping en-route. Lack of trusted display means there is no way to confirm who you are doing business with, and what amount is being transacted, so it becomes possible to relay the entire data stream to another location. Let's look at these two well-known drawbacks in more detail. 2.1 Eavesdropping POS Terminals
If account and PIN data can be eavesdropped from an EMV transaction at a Point-Of-Sale (POS) terminal, it is easy to make a magnetic stripe card containing that data, for fraudulent use in a foreign country where EMV is not supported. Eavesdropping equipment is already commonplace for unmanned ATMs, usually consisting of a overlay for the card slot and a concealed camera. However there are multiple approaches to eavesdropping POS equipment, each with advantages and drawbacks: hxxp: Camera and Double-swipe. The most basic approach requires a collusive merchant. The merchant positions a camera with view of the PIN pad, and secretly swipes the card through his own equipment before inserting it into the genuine device. hxxp: Hacked Terminal. A real POS terminal is opened up and additional circuitry/probes are added to monitor the keypad, and record the data from the smartcard. hxxp: Counterfeit Terminal. The shell of a genuine POS terminal is used to make a counterfeit, which appears to accept card and PIN, but performs no transaction. Alternatively the counterfeit may pass on the data stream from the smartcard to a hidden genuine terminal, but a physical actuator system to enter the PIN on the real terminal may be required. hxxp: Terminal Skimmer. A miniaturised interceptor device can be overlayedThe camera and double-swipe approach is definitely workable, but a significant disadvantage is the level of collusion from the merchant required, in order to set up the camera and conceal the second magstripe reader. In addition, a human must go through the video footage study the PINs entered, then correlate with the captured data, which is time consuming and error-prone. Modifying a working terminal requires bypassing of the tamper-resistance, and though this is unlikely to be of a high standard, the attack is still technically very complicated, and requires considerable manual effort for each terminal sabotaged. The counterfeit terminal approach is appealing, and scales better than a hacked terminal. However the effort required to program a brand-new terminal counterfeit (particularly to drive the receipt printer and LCD display) is substantial. It works well within the business model of giving the customer a free lunch in return for his card and PIN data, but ideally the corrupt merchant would like to mix genuine and counterfeit business over the course of the day. Setting up solenoid actuators so that the PIN can be forwarded is a further complication. In all, our preferred approach in terms of cost, development time and convenience is to create a skimming device which sits on the smartcard slot, and captures card and PIN data. We created a prototype device using an EZ-USB microcontroller and laptop computer, costing in total comfortably under $100, in development time of approximately one man-month. Our prototype is:
http://img133.imageshack.us/img133/9...mmerww8.th.jpg
on top of the smartcard slot on the POS terminal. From this position it can intercept the smartcard stream (capturing account details), and also the PIN. The PIN can be captured here because most European systems are using the cheaper Static Data Authentication EMV cards, which possess no private key, thus the PIN can only be sent in the clear.
2.2 Smartcard Relay Attacks
Eavesdropping attacks collect account and PIN data for use at a later date, but rely on the magnetic stripe fallback mode of operation, something which might one day be discountinued (though it is unlikely). However if the attackers are well-prepared, they can use the access to the customer's card and PIN in real-time: this is called a relay attack. For example, as you pay for a meal in a dodgy restaurant using your chip card, the waiter's sabotaged reader could simply forward all the traffic from your card wirelessly to an accomplice at a jewellers on the other side of town. The smartcard data stream would go maybe via GPRS to a PDA in the crooks pocket, then to his fake card, and the captured PIN read out via a headphone in his ear. You think you're paying for lunch, but in fact you're buying the crooks a diamond! This sort of relay attack is a variation on the counterfeit terminal eavesdropping attack, and we imagine the equipment reqired to deploy it would cost less than $2000, though substantial development and debugging time would be required.
more in next thread..
POS skimming (2)
3 Back-end API Attacks
Back at the bank data centre, a rack of Hardware Security Modules (HSMs) are tasked with providing the back-end support for EMV cards in the field. There are two ma jor roles: processing authorisation requests and responses, and sending secure messages. An authorisation request or response is simply a MAC over specific transaction data fields, constructed using a specially derived 3DES key shared between HSM and smartcard. A secure message can be thought of as an authenticated script command sent to a card, which usually acts to update some internal variable in the smartcard's non-volatile memory. Secure messages can have encrypted fields, for instance so that a new PIN can be securely sent to the card. 3.1 EMV Secure Messaging in the IBM CCA
IBM's Common Cryptographic Architecture is a popular security API implemented by IBM mainframes and in the 4758. As part of our study of EMV, we looked at the recently-added support for EMV transactions in both the CCA API and the Thales RG7000 series API. We found several vulnerabilities in the support for secure messaging, which are described in detail in a forthcoming paper [2]. These attacks are significant because they show that the EMV protocol has not mitigated the risks of abuse by bank programmers at operations centres, and insider attack there can rapidly undermine the system. We now briefly describe the attack on the CCA's Secure Messaging For Keys, which allows us to extract secret keys (and PIN updates) being sent to a smartcard, and inject our own keys and messages without authorisation. The CCA command Secure Messaging For Keys is basically a special kind of key export. It takes a key stored locally on an HSM, decrypts it, then formats it up as part of a secure message. This secure message format is specified by template input arguments to the command hxxp: consisting of a template and and offset at which to insert the encrypted data. The command then re-encrypts the message under a specially derived key shared between the HSM and the destination smartcard. Finally, a separate command MAC_Generate is used to create an authentication code over the whole message. Here is the Secure Messaging For Keys call in detail:
template , offset , {K1 }KM /T , {K2 }KM /SMSG - {template [K1 : offset ]}K2 hxxp: template : the message template, a byte-string to be used in preparing the plaintext. hxxp: offset : the offset within template where the key material should be placed. hxxp: {K1 }KM /T : K1 is the payload hxxp: a key to export to the smartcard. K M /T represents an encryption key used to store the payload key locally. hxxp: {K2 }KM /SMSG : K2 is the key shared between HSM and EMV smartcard. This is used to encrypt the confidential data within the secure message. hxxp: template [K1 : offset ]: represents the template plaintext template interpolated with key material K1 at offset offset . hxxp: {template [K1 : offset ]}K2 : the finished result hxxp: an encrypted secure message consisting of template with K 1 interpolated, all encrypted under K 2. 3.2 Construction of an Encryption Oracle
Our injection and extraction attacks work by gaining access to an encryption oracle. We first note that the CBC mode used in Secure Messaging For Keys has an unfortunate malleability property: a ciphertext can be truncated to create a ciphertext of an identically truncated plaintext hxxp: so long as the truncation is block-aligned. Thus, we can thus construct an encryption oracle for an arbitrary input message m as follows: EncryptionOracle p laintext , {K2 }KM /SMSG :
1. create a template template by extending plaintext by a single block, e.g. the 0-block. 2. set the offset to |plaintext |, which is effectively the beginning of the 0-block just added.
3. perform the call to Secure Messaging For Keys using any available exportable key {K1 }KM /T : plaintext ||"00000000", |plaintext |, {K1 }KM /T , {K2 }KM /SMSG - c the HSM will fill in the last block template (as indicated by offset ) with K1 , leaving the entire plaintext component of template untouched. 4. consider the first |plaintext | blocks of c, effectively discarding the last block. This truncated value is simply {plaintext }K2 , our desired result. This very straightforward observation undermines any security merits of the template-fill-in operation of the HSM hxxp: the programmer might as well be able to use the special wrapping key shared between HSM and card in a conventional Data_Encrypt command.
3.3 Extracting Keys
Such message injection can compromise the operation of particular cards actively, for instance by constructing a message containing a known PIN for the card. However active attacks at a bank data centre carry a significant risk of revealing the attacker's location, so retrieval of communications keys or PINs without affecting card state is far more dangerous. We now show how to expand the above oracle into a partial-key dictionary attack mechanism: using this approach, we can rapidly extract the key from any encrypted data field in a secure message, one byte at a time. In our explanation, we use [ ... ] to denote hex notation of a single 8 byte block. Here is the algorithm: ExtractKey { K1 }KM /T :
1. prepare 256 plaintext blocks of the form [0000 0000 0000 00yy] where 00 yy ff. 2. use EncryptionOracle on all of 256 plaintext blocks to generate a dictionary of 256 ciphertexts indexed by the ciphertext: {y y , 00 y y ff : (c, y y )}. 3. given any secure messaging key {K2 }KM /SMSG , make an API call as follows: [0000 0000 0000 0000], offset = 7, {K1 }KM /T , {K2 }KM /SMSG - c
4. compare c against the dictionary of ciphertext-indexed bytes. The match yields the first byte of the key, call it aa. 5. in order to discover the next byte of the key, repeat the process with a dictionary built from 256 plaintext blocks of the form 0x000000000000aayy, with an offset of 6. This will yield the 2nd byte bb of K1 . By continually shifting the key over by one block, we can extract the entire key, one byte at a time.
00000000 00000001
e(00) e(01)
. . .
000000fe 000000ff
Encryption Oracle
e(fe) e(ff)
. . .
00000000 e(k1)
K offset
Fig. 2. In the key-shifting attack, A 256-element dictionary is built up for each byte of the key that we want to check.
For a k -byte key, it takes 257k queries to extract the whole key: 256 to build up each dictionary, and one more query to identify the specific key byte. Thus a DES key can be extracted in 2056 queries, while a two-key 3DES key can be extracted in 5112 queries. With such an attack, a key update message between bank and card could be eavesdropped, and then a cloned chip card produced, or PINs could be discovered at will. It is interesting to see that while there is nothing wrong with the concept of a secure message in the EMV standard, the flexibility and extensibility requirements of the protocol have made it difficult to implement in an API. It seems IBM chose to make a general-purpose API command, which supported arbitrary secure messages, but unfortunately was also open to abuse.
That's my official paper. I just thought that in some kind of population like You it should be interesting. I just can offer some informations on pm or email.
Cya!
braincyberpunk[at]yahoo[dot]com
I'd like to tell You something in POS skimming but first..
I'm student of electronics and mechanisms, I can offer You some knowlage.. nowadays/soon ATM skimming will be more risky, Police and Depatments hardly working and Banks teaching customers how recognize skimmers and fake keypads or hidden cameras. Lets start the article, if somebody would like some help in that should contact me via email or pm.
Introduction
The EMV1 protocol suite hxxp: the technology underlying "Chip and PIN" hxxp: has now existed in one form or another for over ten years, though it has only been deployed in Europe for less than two years. Over this period there have been plenty of hypothetical attacks and fixes to the protocol in turn, yet it is only since deployment that there has been enough clarity to fully explore possible weaknesses both at a design and implementation level. In this paper, we look at the big picture of EMV, exploring the feasability of attacks exploiting the fundamental shortcoming of smartcard-based systems hxxp: lack of a trusted user interface. We then look at technical errors in the detail, specifically at how the bank's security API to receive and process messages from chip cards implements the required functionality; we show that several vendors have tripped up here. Finally we consider brand new attack modes that may become important in the future (once the easier vulnerabilities have been counteracted), specifically looking at combining technical sabotage attacks with the ever-problematic phising phenomenon. We hope that this whistle-stop tour shows that whilst EMV is undeniably a robust and secure payment protocol at heart, there is so much matter and
(*) EMV is named after the original contributing corporations: Europay, Mastercard and Visa
complexity around the edges to get wrong that there will be plenty to keep the criminals fed and watered in the future; we look forward in particular to phish and chips ! Section 2 of this paper describes eavesdropping and relay attacks, section 3 describes API attacks at the back end, and section 4 considers phishing attacks. We conclude in section 5.
2 Eavesdropping & Relay Attacks
While a smartcard is a very convenient form-factor to carry, it lacks a trusted user interface, unlike for instance a mobile phone. This means the PIN cannot be provided directly to the card, so there is the possibility of eavesdropping en-route. Lack of trusted display means there is no way to confirm who you are doing business with, and what amount is being transacted, so it becomes possible to relay the entire data stream to another location. Let's look at these two well-known drawbacks in more detail. 2.1 Eavesdropping POS Terminals
If account and PIN data can be eavesdropped from an EMV transaction at a Point-Of-Sale (POS) terminal, it is easy to make a magnetic stripe card containing that data, for fraudulent use in a foreign country where EMV is not supported. Eavesdropping equipment is already commonplace for unmanned ATMs, usually consisting of a overlay for the card slot and a concealed camera. However there are multiple approaches to eavesdropping POS equipment, each with advantages and drawbacks: hxxp: Camera and Double-swipe. The most basic approach requires a collusive merchant. The merchant positions a camera with view of the PIN pad, and secretly swipes the card through his own equipment before inserting it into the genuine device. hxxp: Hacked Terminal. A real POS terminal is opened up and additional circuitry/probes are added to monitor the keypad, and record the data from the smartcard. hxxp: Counterfeit Terminal. The shell of a genuine POS terminal is used to make a counterfeit, which appears to accept card and PIN, but performs no transaction. Alternatively the counterfeit may pass on the data stream from the smartcard to a hidden genuine terminal, but a physical actuator system to enter the PIN on the real terminal may be required. hxxp: Terminal Skimmer. A miniaturised interceptor device can be overlayedThe camera and double-swipe approach is definitely workable, but a significant disadvantage is the level of collusion from the merchant required, in order to set up the camera and conceal the second magstripe reader. In addition, a human must go through the video footage study the PINs entered, then correlate with the captured data, which is time consuming and error-prone. Modifying a working terminal requires bypassing of the tamper-resistance, and though this is unlikely to be of a high standard, the attack is still technically very complicated, and requires considerable manual effort for each terminal sabotaged. The counterfeit terminal approach is appealing, and scales better than a hacked terminal. However the effort required to program a brand-new terminal counterfeit (particularly to drive the receipt printer and LCD display) is substantial. It works well within the business model of giving the customer a free lunch in return for his card and PIN data, but ideally the corrupt merchant would like to mix genuine and counterfeit business over the course of the day. Setting up solenoid actuators so that the PIN can be forwarded is a further complication. In all, our preferred approach in terms of cost, development time and convenience is to create a skimming device which sits on the smartcard slot, and captures card and PIN data. We created a prototype device using an EZ-USB microcontroller and laptop computer, costing in total comfortably under $100, in development time of approximately one man-month. Our prototype is:
http://img133.imageshack.us/img133/9...mmerww8.th.jpg
on top of the smartcard slot on the POS terminal. From this position it can intercept the smartcard stream (capturing account details), and also the PIN. The PIN can be captured here because most European systems are using the cheaper Static Data Authentication EMV cards, which possess no private key, thus the PIN can only be sent in the clear.
2.2 Smartcard Relay Attacks
Eavesdropping attacks collect account and PIN data for use at a later date, but rely on the magnetic stripe fallback mode of operation, something which might one day be discountinued (though it is unlikely). However if the attackers are well-prepared, they can use the access to the customer's card and PIN in real-time: this is called a relay attack. For example, as you pay for a meal in a dodgy restaurant using your chip card, the waiter's sabotaged reader could simply forward all the traffic from your card wirelessly to an accomplice at a jewellers on the other side of town. The smartcard data stream would go maybe via GPRS to a PDA in the crooks pocket, then to his fake card, and the captured PIN read out via a headphone in his ear. You think you're paying for lunch, but in fact you're buying the crooks a diamond! This sort of relay attack is a variation on the counterfeit terminal eavesdropping attack, and we imagine the equipment reqired to deploy it would cost less than $2000, though substantial development and debugging time would be required.
more in next thread..
POS skimming (2)
3 Back-end API Attacks
Back at the bank data centre, a rack of Hardware Security Modules (HSMs) are tasked with providing the back-end support for EMV cards in the field. There are two ma jor roles: processing authorisation requests and responses, and sending secure messages. An authorisation request or response is simply a MAC over specific transaction data fields, constructed using a specially derived 3DES key shared between HSM and smartcard. A secure message can be thought of as an authenticated script command sent to a card, which usually acts to update some internal variable in the smartcard's non-volatile memory. Secure messages can have encrypted fields, for instance so that a new PIN can be securely sent to the card. 3.1 EMV Secure Messaging in the IBM CCA
IBM's Common Cryptographic Architecture is a popular security API implemented by IBM mainframes and in the 4758. As part of our study of EMV, we looked at the recently-added support for EMV transactions in both the CCA API and the Thales RG7000 series API. We found several vulnerabilities in the support for secure messaging, which are described in detail in a forthcoming paper [2]. These attacks are significant because they show that the EMV protocol has not mitigated the risks of abuse by bank programmers at operations centres, and insider attack there can rapidly undermine the system. We now briefly describe the attack on the CCA's Secure Messaging For Keys, which allows us to extract secret keys (and PIN updates) being sent to a smartcard, and inject our own keys and messages without authorisation. The CCA command Secure Messaging For Keys is basically a special kind of key export. It takes a key stored locally on an HSM, decrypts it, then formats it up as part of a secure message. This secure message format is specified by template input arguments to the command hxxp: consisting of a template and and offset at which to insert the encrypted data. The command then re-encrypts the message under a specially derived key shared between the HSM and the destination smartcard. Finally, a separate command MAC_Generate is used to create an authentication code over the whole message. Here is the Secure Messaging For Keys call in detail:
template , offset , {K1 }KM /T , {K2 }KM /SMSG - {template [K1 : offset ]}K2 hxxp: template : the message template, a byte-string to be used in preparing the plaintext. hxxp: offset : the offset within template where the key material should be placed. hxxp: {K1 }KM /T : K1 is the payload hxxp: a key to export to the smartcard. K M /T represents an encryption key used to store the payload key locally. hxxp: {K2 }KM /SMSG : K2 is the key shared between HSM and EMV smartcard. This is used to encrypt the confidential data within the secure message. hxxp: template [K1 : offset ]: represents the template plaintext template interpolated with key material K1 at offset offset . hxxp: {template [K1 : offset ]}K2 : the finished result hxxp: an encrypted secure message consisting of template with K 1 interpolated, all encrypted under K 2. 3.2 Construction of an Encryption Oracle
Our injection and extraction attacks work by gaining access to an encryption oracle. We first note that the CBC mode used in Secure Messaging For Keys has an unfortunate malleability property: a ciphertext can be truncated to create a ciphertext of an identically truncated plaintext hxxp: so long as the truncation is block-aligned. Thus, we can thus construct an encryption oracle for an arbitrary input message m as follows: EncryptionOracle p laintext , {K2 }KM /SMSG :
1. create a template template by extending plaintext by a single block, e.g. the 0-block. 2. set the offset to |plaintext |, which is effectively the beginning of the 0-block just added.
3. perform the call to Secure Messaging For Keys using any available exportable key {K1 }KM /T : plaintext ||"00000000", |plaintext |, {K1 }KM /T , {K2 }KM /SMSG - c the HSM will fill in the last block template (as indicated by offset ) with K1 , leaving the entire plaintext component of template untouched. 4. consider the first |plaintext | blocks of c, effectively discarding the last block. This truncated value is simply {plaintext }K2 , our desired result. This very straightforward observation undermines any security merits of the template-fill-in operation of the HSM hxxp: the programmer might as well be able to use the special wrapping key shared between HSM and card in a conventional Data_Encrypt command.
3.3 Extracting Keys
Such message injection can compromise the operation of particular cards actively, for instance by constructing a message containing a known PIN for the card. However active attacks at a bank data centre carry a significant risk of revealing the attacker's location, so retrieval of communications keys or PINs without affecting card state is far more dangerous. We now show how to expand the above oracle into a partial-key dictionary attack mechanism: using this approach, we can rapidly extract the key from any encrypted data field in a secure message, one byte at a time. In our explanation, we use [ ... ] to denote hex notation of a single 8 byte block. Here is the algorithm: ExtractKey { K1 }KM /T :
1. prepare 256 plaintext blocks of the form [0000 0000 0000 00yy] where 00 yy ff. 2. use EncryptionOracle on all of 256 plaintext blocks to generate a dictionary of 256 ciphertexts indexed by the ciphertext: {y y , 00 y y ff : (c, y y )}. 3. given any secure messaging key {K2 }KM /SMSG , make an API call as follows: [0000 0000 0000 0000], offset = 7, {K1 }KM /T , {K2 }KM /SMSG - c
4. compare c against the dictionary of ciphertext-indexed bytes. The match yields the first byte of the key, call it aa. 5. in order to discover the next byte of the key, repeat the process with a dictionary built from 256 plaintext blocks of the form 0x000000000000aayy, with an offset of 6. This will yield the 2nd byte bb of K1 . By continually shifting the key over by one block, we can extract the entire key, one byte at a time.
00000000 00000001
e(00) e(01)
. . .
000000fe 000000ff
Encryption Oracle
e(fe) e(ff)
. . .
00000000 e(k1)
K offset
Fig. 2. In the key-shifting attack, A 256-element dictionary is built up for each byte of the key that we want to check.
For a k -byte key, it takes 257k queries to extract the whole key: 256 to build up each dictionary, and one more query to identify the specific key byte. Thus a DES key can be extracted in 2056 queries, while a two-key 3DES key can be extracted in 5112 queries. With such an attack, a key update message between bank and card could be eavesdropped, and then a cloned chip card produced, or PINs could be discovered at will. It is interesting to see that while there is nothing wrong with the concept of a secure message in the EMV standard, the flexibility and extensibility requirements of the protocol have made it difficult to implement in an API. It seems IBM chose to make a general-purpose API command, which supported arbitrary secure messages, but unfortunately was also open to abuse.
That's my official paper. I just thought that in some kind of population like You it should be interesting. I just can offer some informations on pm or email.
Cya!
braincyberpunk[at]yahoo[dot]com
