Found a way to bypass entering a PIN code for contactless payments with Visa cards

Jollier

Professional
Messages
1,127
Reputation
6
Reaction score
1,109
Points
113
Now the vast majority of banks offer their customers payment cards equipped with an NFC chip, which makes it possible to pay for purchases, goods and services contactlessly.

In a normal situation, a certain amount limit is set above which the payment will not go through without entering a PIN. This is another layer of defense against potential intruders: even if they get hold of the card, they will not be able to spend too much money, which gives the owner time to block the means of payment.

Recently, specialists from Switzerland found a serious vulnerability in Visa cards with such an NFC chip. Under certain conditions, purchases of absolutely any amount can be made without entering a PIN.

Notably, this does not require any supernatural skills or equipment. It is enough to have the card itself, from which the money is to be withdrawn or spent, as well as two smartphones, one of which has this card linked to it so that it can pay using the phone.

At the moment of payment, the second smartphone intercepts the transaction and quickly changes its data so that, from the "point of view" of the means of payment, no PIN code is required. The payment goes through without any problems and the PIN request never arrives. Of course, implementing such a scheme requires specialized software, which the specialists, quite logically, did not share. They have already reported the vulnerability to Visa, so a fix to the problem can be expected in the near future.


To begin with, shine a flashlight through your card, and in the place where you find the strips you can make an incision. This is a very easy way to get rid of contactless card payments. You do everything at your own risk; I bear no responsibility for the result. It no longer works on the card in the video, so there is no need to gossip that this method doesn't work.
 

Jollier
Vulnerability in Visa cards allows PIN verification to be bypassed during contactless payment


Who said carding is dying? No, it is just becoming more intelligent. If 15 years ago any guest worker in Europe who had saved up for an MSR206 and got acquainted with one of the dumpers on the Internet could call himself a carder, now the situation has changed dramatically, and a successful attack on payment systems requires not only specific knowledge but also a certain mindset.
And the fact that, despite the almost universal arrival of new protection methods, the electronic payments industry is still rife with vulnerabilities is proven this time by researchers from ETH Zurich.
The researchers have clearly demonstrated a way to attack EMV that allows card PIN verification to be bypassed even for large transactions. The essence of this MITM attack is to mislead the payment terminal and the payment gateway by transmitting, along with the card details, information that cardholder authentication was performed on a payment device (for example, a smartphone), much like Apple Pay, Google Pay and others do.

Shall we figure it out?
Replacing the data transmitted to the terminal with a MITM attack
EMV (short for Europay, Mastercard and Visa) is a widely used international standard for the smart card payment protocol, and it requires PIN confirmation for large transactions on payment cards.
Researchers at ETH have found a critical flaw in the EMV protocol that allows a man-in-the-middle (MITM) attack through an Android app which "tells the terminal that no PIN verification is required because the cardholder verification has already been done on its device", bypassing the PIN check.
This means that from now on the PIN code will not prevent attackers from using a stolen contactless Visa card to pay for their transactions, even if the amount exceeds the limit. To carry out the attack, carders must have access to the card, either by stealing it or by copying the NFC information from it. The researchers say that the data from the card track, namely its number and PVV, is enough to carry out a transaction.
The vulnerability arises because the Cardholder Verification Method (CVM), which is used to verify that the person attempting a transaction with a card is its legitimate owner, is not cryptographically protected.

Demonstration
The researchers developed an experimental Android app to demonstrate how easy it is to exploit the vulnerabilities they discovered. The application implements a MITM attack on the transmitted data: it modifies the terminal's commands and the card's responses before they are delivered.
The devices in the diagram are the payment terminal (left) and the victim's contactless card (right). The phone next to the payment terminal emulates the intruder's card, and the phone next to the victim's card emulates a POS terminal. The attacker's devices communicate with each other via Wi-Fi, and with the terminal and the card via NFC.
There are six flavors of EMV contactless protocols, each supported by one of the card brands: Mastercard, Visa, American Express, JCB, Discover and UnionPay. The PIN bypass attack applies to the Visa protocol and (possibly) to the Discover and UnionPay protocols, but the latter two have not been tested in practice.
Unfortunately, the researchers did not publish the technical details of the attack or the Android application's code.

And you can also make offline transactions and not pay
The researchers also discovered a second vulnerability in offline contactless transactions, performed with either a Visa or an old Mastercard, which allows an attacker to modify a specific piece of data called the Application Cryptogram (AC) before it is transmitted to the payment terminal.
Offline cards are usually used to pay for goods and services directly from the cardholder's bank account without the need to enter a PIN. But since these transactions are not connected to the online system, there is a delay of 24 to 72 hours before the bank confirms the legitimacy of the transaction using the cryptogram and debits the purchase amount from the account.
An attacker can exploit this deferred processing by using a card to carry out a small offline transaction. By the time the issuing bank rejects the transaction because of the incorrect cryptogram, the criminal will have taken the purchased goods. In the Russian Federation the limit for such transactions is up to $15; there are countries with a much larger limit. You can eat and refuel. Profit.

Magic CTQ (Card Transaction Qualifiers) and TTQ (Terminal Transaction Qualifiers)
CTQ

CTQ is set by the card issuer at the time of card issuance and determines what actions will be performed at the POS terminal when a transaction occurs. This data is standard for all EMV cards and allows the card issuer to pass POS control values to the terminal during a transaction. Unfortunately, there is not much public documentation. Nevertheless, from what we have found it is possible to understand which control values exist and what they are responsible for. When exchanged between the terminal and the card, the CTQ data is not encrypted!
CTQ byte 1
Bit  Condition  Description
8    True       Require online PIN
7    True       Require online signature
6    True       Switch to online mode if offline authentication failed and the reader supports online mode
5    True       Switch interface if offline authentication failed and the reader supports VIS
4    True       Go online if the application has expired
3    True       Switch interface for cash transactions
2    True       Switch interface for cashback transactions
1    N/A        RFU

CTQ byte 2
Bit  Condition  Description
8    True       Consumer Device CVM performed. This bit is not used by Visa cards and is usually set to False
7    True       Card supports Issuer Update Processing at the POS
6    N/A        RFU
5    N/A        RFU
4    N/A        RFU
3    N/A        RFU
2    N/A        RFU
1    N/A        RFU

By setting these bits, CTQ controls the following transaction parameters:
  • If the application has expired, the CTQ setting determines whether the transaction is processed online or declined immediately
  • If a cash transaction is in progress, CTQ determines whether to switch the transaction to contact mode or decline it
  • If fDDA (the authentication check) fails, CTQ has three options: process the transaction online, switch it to contact mode, or decline it
  • If the card does not return a CTQ to the terminal and the reader requires a CVM (per its TTQ settings), the reader decides whether to use signature, online PIN, or decline the transaction
  • If the card does return a CTQ to the terminal, it determines which CVM can or must be used: online PIN or signature
CTQ results are transmitted in both authorization messages and clearing messages in every transaction.

TTQ

TTQ byte 1
Bit  Value  Description
8    True   Contactless MSD supported
7    True   Contactless VSDC supported
6    True   Contactless qVSDC supported
5    True   EMV contact chip supported
4    True   Offline-only reader
3    True   Online PIN supported
2    True   Signature supported
1    True   Offline Data Authentication (ODA) for online authorizations supported

TTQ byte 2
Bit  Value  Description
8    True   Online cryptogram required
7    True   CVM required
6    True   (Contact chip) offline PIN supported
5    N/A    RFU
4    N/A    RFU
3    N/A    RFU
2    N/A    RFU
1    N/A    RFU

TTQ byte 3
Bit  Value  Description
8    True   Issuer Update Processing supported
7    True   Mobile functionality supported (Consumer Device CVM)
6    N/A    RFU
5    N/A    RFU
4    N/A    RFU
3    N/A    RFU
2    N/A    RFU
1    N/A    RFU

Through their settings, CTQ and TTQ determine how the transaction will proceed and what is required for it to go through. And this data is transmitted unencrypted!
In my opinion everything is clear; all that remains is to get a Proxmark and figure out the details.

Effects
Hello 2000s! Not only can you, if you have the second-track data, once again carry out transactions without "steaming" and buy goods by the truckload, but in between shop runs carders can also refuel and eat for free thanks to the offline vulnerabilities. The vulnerabilities in the protocol affect fundamental system functions and cannot be fixed quickly.
I also remind you that GitHub is full of Host Card Emulation Android applications, and all you need is to polish them a little.
If you remember that in some countries transactions still take place using the magnetic stripe, you can imagine how long it will take the payment operators to patch the holes described above.
A new era of carding?
I predict a rise in prices for Visa dumps in darknet shops.

P.S. Read the details of the study at https://emvrace.github.io/
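As an added example that is not code from either post above nor from the ETH Zurich researchers' app, the following Python decodes the CTQ and TTQ bit fields exactly as tabulated in the post (CTQ is tag 9F6C in the card's GPO response, TTQ is tag 9F66 sent by the terminal), models a terminal's CVM selection in a deliberately simplified form, and shows the downgrade both posts describe in words: a man-in-the-middle rewrites the card's unauthenticated CTQ so that the terminal believes cardholder verification already happened on a consumer device. The CVM selection rules, the sample CTQ/TTQ byte values, and the function names are constructed assumptions for illustration, not the Visa kernel's real logic or the bits the researchers' app actually flips.

```python
"""Added example: decode Visa CTQ/TTQ bits and model the CVM downgrade.

Assumptions (not from the original post): select_cvm() is a simplified model
of terminal behaviour, and the sample byte values below are constructed.
"""
from typing import Dict, List, Optional, Tuple

BitKey = Tuple[int, int]  # (byte index, EMV bit number 1..8; bit 8 is the MSB)

# CTQ (Card Transaction Qualifiers), 2 bytes, per the tables in the post.
CTQ_FLAGS: Dict[BitKey, str] = {
    (0, 8): "Online PIN required",
    (0, 7): "Online signature required",
    (0, 6): "Go online if offline authentication failed and reader is online capable",
    (0, 5): "Switch interface if offline authentication failed and reader supports VIS",
    (0, 4): "Go online if application expired",
    (0, 3): "Switch interface for cash transactions",
    (0, 2): "Switch interface for cashback transactions",
    (1, 8): "Consumer Device CVM performed",
    (1, 7): "Card supports Issuer Update Processing at the POS",
}

# TTQ (Terminal Transaction Qualifiers), first 3 bytes, per the tables in the post.
TTQ_FLAGS: Dict[BitKey, str] = {
    (0, 8): "Contactless MSD supported",
    (0, 7): "Contactless VSDC supported",
    (0, 6): "Contactless qVSDC supported",
    (0, 5): "EMV contact chip supported",
    (0, 4): "Offline-only reader",
    (0, 3): "Online PIN supported",
    (0, 2): "Signature supported",
    (0, 1): "ODA for online authorizations supported",
    (1, 8): "Online cryptogram required",
    (1, 7): "CVM required",
    (1, 6): "Contact chip offline PIN supported",
    (2, 8): "Issuer Update Processing supported",
    (2, 7): "Mobile functionality supported (Consumer Device CVM)",
}


def bit_set(data: bytes, byte_index: int, bit: int) -> bool:
    """EMV bit numbering: bit 8 is the most significant bit of the byte."""
    return bool(data[byte_index] & (1 << (bit - 1)))


def decode(data: bytes, table: Dict[BitKey, str]) -> List[str]:
    """Return the human-readable names of the flags set in data."""
    return [name for (i, b), name in table.items()
            if i < len(data) and bit_set(data, i, b)]


def select_cvm(ttq: bytes, ctq: Optional[bytes]) -> str:
    """Simplified model (assumption) of the terminal's CVM choice, following the
    post's summary: with no CTQ the reader falls back on its own TTQ
    capabilities; with a CTQ, the card's flags say which CVM is required."""
    if not bit_set(ttq, 1, 7):                      # TTQ byte 2 bit 7: CVM required
        return "no CVM (terminal did not require one)"
    if ctq is None:
        if bit_set(ttq, 0, 3):                      # online PIN supported
            return "online PIN"
        if bit_set(ttq, 0, 2):                      # signature supported
            return "signature"
        return "decline"
    if bit_set(ctq, 1, 8) and bit_set(ttq, 2, 7):   # CDCVM performed, terminal supports mobile CVM
        return "no CVM (CDCVM performed on consumer device)"
    if bit_set(ctq, 0, 8) and bit_set(ttq, 0, 3):   # card requires online PIN
        return "online PIN"
    if bit_set(ctq, 0, 7) and bit_set(ttq, 0, 2):   # card requires signature
        return "signature"
    return "decline"


def mitm_rewrite_ctq(ctq: bytes) -> bytes:
    """The downgrade the post describes, expressed on the CTQ bits from its
    tables: clear 'Online PIN required' (byte 1 bit 8) and set 'Consumer
    Device CVM performed' (byte 2 bit 8). It goes unnoticed only because the
    CTQ is neither encrypted nor covered by the card's cryptogram."""
    out = bytearray(ctq)
    out[0] &= 0x7F
    out[1] |= 0x80
    return bytes(out)


# Constructed sample values (not captured from real devices).
TERMINAL_TTQ = bytes([0x26, 0xC0, 0x40, 0x00])  # qVSDC, online PIN + signature, CVM required, mobile CVM
VICTIM_CTQ = bytes([0x80, 0x00])                 # issuer requires online PIN


def run_transaction(ttq: bytes, card_ctq: bytes, mitm: bool = False) -> Tuple[bytes, str]:
    """Return (CTQ as seen by the terminal, CVM the terminal selects)."""
    seen = mitm_rewrite_ctq(card_ctq) if mitm else card_ctq
    return seen, select_cvm(ttq, seen)


if __name__ == "__main__":
    for mitm in (False, True):
        seen, cvm = run_transaction(TERMINAL_TTQ, VICTIM_CTQ, mitm)
        print(f"mitm={mitm!s:5} CTQ={seen.hex()} {decode(seen, CTQ_FLAGS)} -> {cvm}")
```

Note the edge case the model makes visible: if the terminal's TTQ byte 3 does not advertise mobile (CDCVM) support, the rewritten CTQ claims a verification the terminal will not honour, and with the online-PIN bit already cleared the modelled terminal declines rather than falling back to a PIN.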
 