Professional Documents
Culture Documents
Emerging Threats Alan Mushing Prague For Release
Emerging Threats Alan Mushing Prague For Release
Emerging Threats Alan Mushing Prague For Release
Alan Mushing
Senior Business Leader
MasterCard Worldwide
Emerging Threats
From the News and Recent Technical Security Conferences
In the News….
Emerging Threats
• POS Compromise
• Chip and PIN Broken
• Chip and PIN Definitely Broken
• Reverse Engineering Smart Card Chips
• Electronic Pickpocketing
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 2
1
September 26, 2011
Aldi “was
was recently notified that the security of a limited
number of debit card terminals at some stores may
have been compromised through tampering designed
to steal customers’ payment card information.”
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 3
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 4
2
September 26, 2011
Magstripe Data
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 6
3
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 7
PIN entry
Wedge says
seems OK I didn’t
“PIN OK”
see a PIN
If the transaction is
online and the network
carries CVM Results,
then the host could
check them against
CVR
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 8
4
September 26, 2011
More details on the SCD are on my MPhil thesis. Also important, the software is open source and along with the hardware
schematics can be found in the project’s page. The aim of this is to make the SCD a useful tool for EMV research, so that
other problems can be found and fixed. October 19th, 2010 by Omar Choudary
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 9
MCAL
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 10
5
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 11
MC Spec
Wedge says recommends CVM
“PIN OK” Results are sent to
If the transaction is
online and the network card
carries CVM Results,
then the host could MC Card checks the
check them against CVM Results and
CVR sets a CVR bit if:-
‘terminal
CDA signs the ARQC such erroneously thinks
that any tampering with CVM PIN OK’
Results can be detected by
terminal, preventing the
attack even in offline capable
environments
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 12
6
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 13
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 14
7
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 15
Barisani says these flaws can be found in current and emerging credit card
systems, including the EuroPay-Mastercard-Visa (EMV) system that is being
implemented worldwide. While EMV supports three types of cards -- older
magnetic stripe cards, current chip cards, and more secure chip cards --
skimmers can force transactions to use the least secure transaction method,
he warns. EMV currently supports three different standards: static data
authentication, an upgrade from older magstripe cards; dynamic data
authentication, a more secure implementation that uses an encryption key to
scramble transaction information; and combined data authentication, which
implements more stringent security measures.
Attackers who can attach a skimming device to the point-of-sale terminal can
control the security negotiation between the terminal and the consumer's credit
card, Barisani explains. In order to support the older POS technologies, credit
and debit cards will transmit a user's PIN in the clear if required by the terminal.
A skimmer attached to the device can then scoop up the details of the credit
card.”
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 16
8
September 26, 2011
• The attacker may successfully capture the PIN, but still needs to steal the card
• Traditional payment system defenses will apply
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 17
“Smart cards chips – originally invented as a protection for cryptographic keys – are
increasingly used to keep protocols secret. This talk challenges the chips' security measures
to unlock the protocols for public analysis.
These smart card chips are found in banking cards, authentication tokens, encryption
appliances and master key vaults
appliances, vaults.
The protection capabilities of the chip are increasingly used to also keep secret application
code running on the devices. For example, the protocols of modern EMV credit cards are not
publicly known.
Such obscurity is hindering analysis, hence letting logic and implementation flaws go
unnoticed in widely deployed systems, including credit card systems.
We demonstrate a method of extracting application code from smart cards with simple
equipment to open the application code for further analysis.”
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 18
9
September 26, 2011
Metal 2 (aluminium)
Passivation
Metal 1 (aluminium)
Polysilicon
Feature size
Silicon substrate
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 19
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 20
10
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 21
• Over etching
• Tracks have
come loose
• Will cause
problems for
automated RE
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 22
11
September 26, 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 23
Reverse Engineering
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 24
12
September 26, 2011
Electronic Pickpocketing
US/Canada
News
during 2011
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 25
Ø1m
13
September 26, 2011
Contactless Pickpocketing
Note: This is NOT a new attack – just another easy way to demonstrate that
reading the data from a contactless card is straightforward - as designed
but the data itself is not useful – no name and no CVC1 or CVC2
It is protected from re-use by PayPass Magstripe dynamic CVC3 – or the
PayPass MChip dynamic EMV cryptograms
Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 27
Security Evaluation
14