EMV protocol flaw allows 'pre-play' attacks against chip-enabled payment cards, researchers say
Many automated teller machines (ATMs) and point-of-sale (POS) terminals fail to properly generate random numbers that are required by the EMV protocol to securely authenticate transaction requests, according to a team of researchers from the University of Cambridge in the U.K.
The use of defective random number generation algorithms make those payment devices vulnerable to so-called "pre-play" attacks that allow criminals to send fraudulent transaction requests from rogue chip-enabled credit cards, the researchers said in a paper released Tuesday.
The EMV (Europay, MasterCard and Visa) standard requires the use of payment cards with integrated circuits that are capable of performing specific cryptographic functions. These cards are commonly known as chip-and-PIN cards, EMV cards or IC (integrated circuit) cards.
EMV-compliant devices need to generate so-called "unpredictable numbers" (UNs) for every transaction request in order for the card issuers to verify the "freshness" of these requests.
Older versions of the EMV specification didn't provide clear instructions for how these random numbers should be generated and only required that payment devices generate four different consecutive UNs to be compliant.
"So, if you're a programmer, you can implement this as a counter," said Ross Anderson, professor of security engineering at Cambridge University and one of the paper's authors. "We found ATMs and PoS terminals where this is what they [the manufacturers] seem to have done."
The researchers analyzed UNs generated for over 1,000 transactions by 22 different ATMs and 5 PoS terminals in the U.K. and searched for patterns that would suggest the use of weak random number generation algorithms by those devices. They also reverse engineered ATMs acquired from eBay to inspect their UN generation algorithms.
When a payment device wants to initiate a transaction it sends the transaction details -- the amount, the currency, the date of the transaction, etc. -- to the EMV card inserted in its card reader together with a UN generated on the fly.
The card uses a secret encryption key that is securely stored on its chip to compute an authorization request cryptogram (ARQC) from the transaction data and the UN. The payment device then sends this cryptogram together with the encrypted PIN and the UN in plain-text form to the card issuing bank for verification.
The bank decrypts the ARQC and validates the information inside. It also compares the UN found inside the cryptogram with the plain-text one and if they match, it treats the transaction as fresh and authorizes it.
The payment device could end up generating predictable numbers instead of random ones due to a bad design, Anderson said.
It is better for the bank to generate the UN and send it to the card, he said. Then the card would use the unpredictable number and the transaction details to compute an ARQC, which would be sent back to the bank for verification.
If attackers can predict what UN a particular model of ATMs or payment terminals will generate at a future point in time, they can force genuine cards to compute ARQCs for transactions with a future date and then use those ARQCs with rogue chip cards.
In one scenario, for example, a customer goes into a coffee shop that happens to be controlled by a criminal gang and which uses payment terminals with maliciously modified firmware.
The customer would then insert his payment card into one of the rogue terminals in order to pay for his coffee. When this happens, the terminal would record the customer's payment card information and PIN and, in addition to initiating the legitimate payment, would force the card to generate an ARQC for a transaction with a future date and a specific UN.
In this case, the UN would be a number the attackers know that a particular ATM model will generate at a future point in time. After receiving the ARQC from the card, the rogue terminal wouldn't submit it to the card issuer for verification and wouldn't display anything on the screen.
A criminal would then be able to create a rogue card with information matching the customer's genuine card and program it with the pre-recorded ARQC. That card could later be used to withdraw an amount of money specified in the pre-generated ARQC when the time is right and the target ATM generates the predictable UN.
Pulling off this type of attack at a PoS terminal in the U.K. for example would not even require the correct PIN, Anderson said. PoS terminals don't send PINs to card issuers and validate them offline instead, by comparing them to values stored on the cards themselves. Since an attacker is using a rogue card they can program whatever PIN value they want on it and just type that at the PoS terminal, Anderson said.
What appears in the issuing bank's records as a result of a pre-play attack is no different from what would appear as a result of traditional card cloning attacks, a type of attack that the banking industry has repeatedly claimed cannot happen with EMV, Anderson said.
Fixing the UN generation algorithms would not prevent all pre-play attack scenarios, the researchers said in their paper. As long as the UNs are generated by the payment devices and not the card issuers, other attack methods are possible, as malware running on an ATM could sabotage the UN choice, the researchers said.
This research shows that when a customer disputes a transaction, the transaction logs from the acquiring bank and the merchant need to be taken into consideration in addition to the logs of the card issuing bank, Anderson said.
"We take anything of this nature extremely serious, but what we would say is that there is absolutely no evidence that this type of fraud is happening in the real world," said Mark Bowerman a spokesman for the UK Cards Association. "Part of the reason for that is that this is a very complicated and technically difficult attack to achieve."
Anderson disputes that. "We present the evidence in the paper," he said. "We gave them advance responsible disclosure of this. We discussed it with bank officials in February, so the industry has known about this and some insiders have admitted that they knew it was a problem."
In their paper, the Cambridge researchers said that they started researching possible issues with EMV unpredictable numbers after looking into the case of an HSBC Bank customer from Malta who was declined reimbursement for what the customer claimed were fraudulent transactions performed at an ATM in Palma de Mallorca, Spain in June 2011. In that case the transaction logs obtained from the bank revealed that UNs associated with the disputed transactions were predictable.
"Since we became aware of the contents of this paper, the industry has undertaken steps to ensure that this type of attack can't happen," Bowerman said. "In the unlikely event that it were to happen, and there's been no evidence to date that an attack of this nature has happened, anybody who's been an innocent victim of this fraud would get their money back from their bank."