New Attack Against Chip-and-Pin Systems
Well, new to us:
You see, an EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip. It’s called a “pre-play” attack. Just like most vulnerabilities we find these days, some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.
Paper here. And news article.
Section9_Bateau • September 11, 2012 1:09 PM
I would like to point out that this “unpredictable number” is nothing more than a weak excuse for a nonce, and in reality, almost all payment systems will just stop processing (not return error to the payment processor, which would help warn of the attack) if the chip is removed (physically or logically) from the terminal during a transaction.
Best case, this would be a PRNG with a period of 2**17 it sounds like (though that example was just an incrementing counter), which is actually VERY low. If it is indeed just a counter, as was indicated in one example in the paper, it is periodic and predictable, and I have personally used timing attacks with target in the sub-millisecond range just fine in attacks on systems across continents.
There is no reason to believe an attacker can’t easily determine the correct timing sync of a transaction processor, get a few second window worth of “unpredictable numbers”, and then just wait to process their transaction in that window. Key thing in protocol design, “number(s) used only once” should be used only once! I really wish I had time to pick apart the EMV standard, too bad my day job takes more hours than are in a day.
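The weakness described in the post and in the comment above can be checked for from the issuer's or acquirer's side. The following is an added example, not code from the post, the paper or the commenter: it scans the UNs logged per terminal for repeats, counter-like strides and bits that never change. The log format, terminal names, sample values and thresholds are constructed assumptions.

```python
UN_BITS = 32      # the EMV Unpredictable Number is a 4-byte field
MIN_SAMPLES = 8   # assumption: smallest sample for the stuck-bit check
MIN_VARYING = 24  # assumption: fewer varying bits than this is flagged

# Constructed sample, not real data: terminal id, then its UNs in the order seen.
SAMPLE_LOG = """\
ATM-A 0001A3F0 0001A3F1 0001A3F2 0001A3F3 0001A3F4 0001A3F5 0001A3F6 0001A3F7
ATM-B 9C41E2B7 03F5A96D E8127C40 5ADB031E 71A6CF89 C63D58F2 2F80B415 B4E97A6A
ATM-C 7F3A10C2 D0954E1B 7F3A10C2 18C6A7F4
"""

def assess_uns(uns):
    """Return sorted findings for one terminal's UNs (list of ints, in time order)."""
    findings = set()
    if len(set(uns)) < len(uns):
        findings.add("repeated-un")          # a nonce must never recur
    # Differences modulo 2**32, so a counter that wraps is still caught.
    strides = {(b - a) % (1 << UN_BITS) for a, b in zip(uns, uns[1:])}
    if len(uns) >= 3 and len(strides) == 1:
        findings.add("constant-stride")      # plain counter or fixed increment
    # OR together every value's difference from the first: set bits are the
    # positions that changed at least once; the rest add no unpredictability.
    varying = 0
    for u in uns:
        varying |= u ^ uns[0]
    if len(uns) >= MIN_SAMPLES and bin(varying).count("1") < MIN_VARYING:
        findings.add("few-varying-bits")
    return sorted(findings)

def weak_terminals(log_text):
    """Map terminal id -> findings, for terminals with at least one finding."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue                          # skip blank or malformed lines
        findings = assess_uns([int(h, 16) for h in fields[1:]])
        if findings:
            report[fields[0]] = findings
    return report

if __name__ == "__main__":
    for terminal, findings in weak_terminals(SAMPLE_LOG).items():
        print(terminal, ", ".join(findings))
```

A terminal that passes these checks is not thereby shown to have a good generator; the checks only catch the grossest failures, such as the counter mentioned in the comment.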