Another Debit Card Skimmer

This one is installed inside gas pumps. There's nothing the customer can detect.

EDITED TO ADD (3/5): Pictures.

LVMPD found that one of these skimmers can be installed in eight minutes flat.

Posted on February 22, 2010 at 7:09 AM • 67 Comments

Comments

Nick • February 22, 2010 7:22 AM

"They are able to get into the actual gas pump," said Milka. "So, obviously, those pumps are not very secure. Whoever manufactures them has to come up with something better."

I think the CC companies need to come up with a more secure way of handling the transaction.

Randy • February 22, 2010 7:39 AM

Wouldn't this have to be someone that has legitimate access to *inside* the pump? I don't think I'd be able to take a pump apart without the attendant noticing?

Maybe I'll try it tonight. My excuse will be "I paid too much and was trying to get my money back out."

Randy -- doyouthinkitwillwork?

larry seltzer • February 22, 2010 7:53 AM

I have to think these are old pumps, or more specifically old electronics. I know that for many years the cc industry has been working with the gas pump industry to improve security. I'm pretty sure new pumps have been required to TDES encrypt at the keypad itself. Not sure about old ones.

Clive Robinson • February 22, 2010 8:07 AM

What is the betting that within a short while people will say "this can't happen with Chip-n-Spin"...

The more I think about it, the more I like Bruce's idea of making the card issuers pick up all the bad debt, not the banks or the merchants, and most definitely not Joe Consumer.

Then I think you would find that the payment card industry might just start taking things a little more seriously.

Oh, by the way, this is not the first time EPOS terminals have had trojan hardware in them. If you think back, a major UK supermarket got a shipment of EPOS terminals with built-in skimming and cell-phone get-the-data-out systems (I think, but am not sure, that the terminals were manufactured in China).

Sarad • February 22, 2010 8:49 AM

This disclosure is a double-edged sword. It may help the real victims to get back their money, but it may cause anyone who previously had withdrawn money from that ATM to falsely claim that their money was stolen.

HJohn • February 22, 2010 8:52 AM

@Clive Robinson: "The more I think about it, the more I like Bruce's idea of making the card issuers pick up all the bad debt, not the banks or the merchants, and most definitely not Joe Consumer."
_______________

I agree to a point. The merchants are in the best position to detect fraudulent activity, so some liability should no doubt be placed on them.

I'm up in the air about the merchants though. They aren't in a position to detect fraudulent activity, but they are in the best position to secure the equipment. Perhaps they should have some liability.

HJohn • February 22, 2010 8:55 AM

@Sarad: "This disclosure is a double-edged sword. It may help the real victims to get back their money, but it may cause anyone who previously had withdrawn money from that ATM to falsely claim that their money was stolen."
-----------

True. Hopefully, however, the ATM will have a camera that will have shown if it was the card holder. Granted, it will capture an unauthorized person, but that is more complex. It is much easier to take a video and determine if it matches a specific person, and much tougher to take a video of an unknown person and identify who it is.

Stephen • February 22, 2010 9:22 AM

At one of my local convenience store chains, they put tamper-evident tape over the opening side of the pump's front panel. The tape is specially printed with the company logo, so no picking up a roll at Home Depot.

Obviously this does not prevent an inside job (since they'd presumably have access to the tape as well), but you'd like to imagine that a company thinking like that has some good internal fraud control as well.

jgreco • February 22, 2010 9:24 AM

This seems pretty odd to me. Making external attachments to an ATM seems relatively straightforward. Anyone can walk up to an ATM and examine its physical structure. To make a device that is placed on the inside of the pump, you would need to be familiar with the inside of the pump. I think it is likely that whoever did this accessed the inside of the pump twice: once to design the device, the second time to plant it. I really doubt someone could pull this off unless they had otherwise legitimate access to the device.

@HJohn

I think you typo'd, did you mean "The consumer are in the best position to detect fraudulent activity"?

HJohn • February 22, 2010 9:36 AM

jgreco: I think you typo'd, did you mean "The consumer are in the best position to detect fraudulent activity"?
_________

Ugh, you are correct that I typoed. That's what I get for posting before I've had my coffee.

The sentence should have read: "The financial institutions are in the best position to detect fraudulent activity, so some liability should no doubt be placed on them."

I didn't mean consumers. They are in position once a month when they get statements (or online daily, if they set it up that way). What I mean by financial institutions is that they can detect if something is fishy in real time (for example, if someone makes a gas purchase with their card, and then 20 minutes later makes an ATM withdrawal 50 miles away).

Consumers are a sticky subject. They are defenseless against skimmers, and cannot detect transactions in real time, but that is not to say they should have no culpability if they do not review their transactions.

HJohn • February 22, 2010 9:37 AM

@jgreco at February 22, 2010 9:24 AM
______

P.S. I meant to say "thank you" for pointing that out. The typo made me sound ridiculous and I wouldn't have gone back without you letting me know. I appreciate it.

Les • February 22, 2010 9:48 AM

You would have to be familiar with the pump, but these things are mass-manufactured goods that are maintained by minimum wage employees.

Once you've figured out how to install your skimmer, you need to find other stations that use the same model pump.
I'm sure the locks would not stop a determined attacker.

jgreco • February 22, 2010 9:48 AM

@HJohn

Yeah, I agree. Consumers are the only ones who are able to say with certainty which purchases were or were not fraudulent (of course only they can be sure, because they may lie to others), but the financial institutions are in a much better position to detect and act on fraud in a timely manner. I didn't mean to imply that I think the consumer should be responsible; I didn't put much thought into it ;)

HJohn • February 22, 2010 10:03 AM

@jgreco: "Consumers are the only ones who are able to say with certainty which purchases were or were not fraudulent (of course only they can be sure, because they may lie to others), but the financial institutions are in a much better position to detect and act on fraud in a timely manner. I didn't mean to imply that I think the consumer should be responsible; I didn't put much thought into it ;)"
____________

I didn't think you implied that, and I agree with you.

This is why I'm not for putting sole responsibility on one entity alone, because the others will pass the buck. Merchants need some culpability because they are in the best position at the physical level (secure pumps, ask for identification, etc.). Financial institutions need some culpability since they issue the cards, control the algorithms, and are in the best position to detect something fishy in real time. I also think consumers need some culpability since they have physical possession of the cards and are the ones who know whether or not transactions are legit (if they are honest about it).

The issue of Joe Consumer being culpable is the greatest disagreement among most people, and in some cases the financial institutions accept responsibility as an incentive for Joe to use their product, and I guess this is their business. But realistically, if someone finds or steals a credit card and it is used at a pump for gas in the card-holder's home town, then there is no realistic way for the financial institution to distinguish it from a legitimate transaction.

There are no easy answers, so I am a proponent of a layered approach.

My 2 cents.

Mark R • February 22, 2010 10:16 AM

Can anybody comment on the relative security of:

1 - Using a gas pump with an ATM card & Pin;

2 - Using a gas pump with an ATM card, but processing it as a credit card (which usually requires entering some not-too-secret information such as postal code);

3 - Using a gas pump with a credit card.

I usually opt for #2... my card has a Visa logo on it, and my understanding is that when used as a credit card, it gets the same protections... but now I'm thinking about switching to #3.

GregW • February 22, 2010 10:40 AM

@Clive, @HJohn:
Regarding card issuers vs. merchants' liability... as an ex-online-merchant, I can confirm we were definitely in a strong position to determine fraud via things an issuer would never know. And while some things can be conveyed to the issuer nowadays (e.g. originating IP addresses of a transaction), many are specific to attributes of products and services that correlate with fraudulent credit card usage.

However, my take is that the liability should be substantially shared, to incentivize system-wide data sharing about fraud. I completely agree that the issuers are not enough on the hook.

For example, what was most maddening to me building merchant-side fraud detection/prevention, was that I had no (automated, well-defined) way to alert issuers that we were getting fraud activity from certain card #s without actually sending the transaction to them and accepting the liability.

We filtered out 95+% of bad transactions on our end (to avoid the liability fees for bad transactions on our end) so the red flags we saw were never even theoretically conveyable to the credit card issuer.

For example, if I saw the same IP address from a third-world country (and we were 98% US-based) send us 3 different bad credit cards in a row in a 10 minute period, and then the 4th one "passes" the payment gateway's acceptance/rejection and AVS criteria, I had no way to tell the credit card issuer as we requested the fourth transaction: hey, that fourth card for which we requested authorization is highly suspicious.

Likewise, after the transaction had been auto-processed but then reviewed hours later by a human monitor who cancelled the transaction based on various suspicious signs in our systems, there was no way to then notify the credit card payment gateways that we as merchants cancelled the transaction due to suspected fraud.

At times, we would see new accounts opened with credit card #s that we had previously closed for fraud days, weeks, or months earlier, yet according to the card issuer, they were still good/working cards. Accounts opened by "Abu Majar" from an Egypt IP using a card with the name "Linda Stone" with a zip code in Washington DC, after Abu had also submitted cards (that were rejected) for "Steve Chen" and "Lisa Falcone"...

Does Linda know her card is compromised? There is no (automated/systematic) way for the merchant to tell her, or the card issuer, without accepting what they see is a bogus transaction.

From a system-wide perspective, ironically, the better every merchant's fraud detection becomes, the longer it will take for an actual fraudulent transaction to occur with a credit card and for the fraud/unauthorized usage to be detected by the issuer or card owner.

What I always thought the issuers should build was some system where merchants could report suspicious cards with varying degrees of certainty, and other merchants (or the issuer) could then take that suspicion (or an issuer's aggregated view of it) into account when they processed a transaction for a card.
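Two of the checks discussed in this thread, written out as an added example that is not code from the blog post or from any commenter: HJohn's issuer-side observation that a gas purchase followed twenty minutes later by an ATM withdrawal fifty miles away is detectable in real time, and GregW's merchant-side signal that the fourth card from an IP address which has just burned three declines is suspect even when it passes AVS. Every transaction record, the IP addresses (from the TEST-NET ranges), the card labels and the 80 mph plausibility ceiling are constructed assumptions for the demo, not data from the thread.

```python
"""Two fraud-signal checks over constructed transaction records.

Issuer side: flag consecutive authorisations on one card whose implied
ground speed is implausible (impossible travel).

Merchant side: flag an authorisation request from an IP address that has
already produced several distinct declined cards within a short window,
regardless of whether the new card itself passes AVS.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_MPH = 80.0                 # assumed ceiling for plausible ground travel
DECLINE_WINDOW = timedelta(minutes=10)
DECLINE_LIMIT = 3                    # distinct declined cards before the IP is suspect


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance in statute miles (Earth radius 3958.8 mi)."""
    r = 3958.8
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(auths, max_speed_mph=MAX_SPEED_MPH):
    """auths: dicts with card, time (datetime), lat, lon, desc.
    Returns (card, earlier_desc, later_desc, implied_mph) for each pair of
    consecutive authorisations on one card that exceeds max_speed_mph."""
    by_card = defaultdict(list)
    for a in auths:
        by_card[a["card"]].append(a)
    flags = []
    for card, events in by_card.items():
        events.sort(key=lambda e: e["time"])
        for prev, cur in zip(events, events[1:]):
            miles = haversine_miles(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            if hours <= 0:                       # same timestamp: any distance is impossible
                speed = float("inf") if miles > 0 else 0.0
            else:
                speed = miles / hours
            if speed > max_speed_mph:
                flags.append((card, prev["desc"], cur["desc"], round(speed)))
    return flags


def ip_velocity_flags(requests, window=DECLINE_WINDOW, limit=DECLINE_LIMIT):
    """requests: dicts with ip, card, time (datetime), avs_ok (bool).
    A request is flagged when, within `window` before it, the same IP already
    had >= `limit` distinct cards fail AVS. Declines older than the window are
    dropped from the history so a stale decline does not keep an IP suspect."""
    history = defaultdict(list)                  # ip -> [(time, card)] of declines
    flags = []
    for r in sorted(requests, key=lambda x: x["time"]):
        recent = [(t, c) for (t, c) in history[r["ip"]] if r["time"] - t <= window]
        history[r["ip"]] = recent
        if len({c for _, c in recent}) >= limit:
            flags.append((r["ip"], r["card"], r["avs_ok"]))
        if not r["avs_ok"]:
            history[r["ip"]].append((r["time"], r["card"]))
    return flags


def demo():
    """Run both checks over constructed sample data; returns (travel, velocity)."""
    t0 = datetime(2010, 2, 22, 8, 0)
    # Constructed issuer-side records. card-A: gas purchase, then an ATM withdrawal
    # 0.72 degrees of latitude (~50 miles) north, 20 minutes later. card-B: two
    # purchases ~5 miles apart two hours apart, which is fine.
    auths = [
        {"card": "card-A", "time": t0, "lat": 36.17, "lon": -115.14, "desc": "gas pump"},
        {"card": "card-A", "time": t0 + timedelta(minutes=20), "lat": 36.89, "lon": -115.14, "desc": "ATM withdrawal"},
        {"card": "card-B", "time": t0, "lat": 36.17, "lon": -115.14, "desc": "grocery"},
        {"card": "card-B", "time": t0 + timedelta(hours=2), "lat": 36.24, "lon": -115.14, "desc": "pharmacy"},
    ]
    # Constructed merchant-side records. 203.0.113.7 burns three declines in six
    # minutes, then submits a fourth card that passes AVS; its 30-minute-old decline
    # falls outside the window. 198.51.100.9 has one decline and one pass.
    reqs = [
        {"ip": "203.0.113.7", "card": "card-0", "time": t0 - timedelta(minutes=30), "avs_ok": False},
        {"ip": "203.0.113.7", "card": "card-1", "time": t0, "avs_ok": False},
        {"ip": "198.51.100.9", "card": "card-5", "time": t0 + timedelta(minutes=1), "avs_ok": False},
        {"ip": "203.0.113.7", "card": "card-2", "time": t0 + timedelta(minutes=2), "avs_ok": False},
        {"ip": "198.51.100.9", "card": "card-6", "time": t0 + timedelta(minutes=3), "avs_ok": True},
        {"ip": "203.0.113.7", "card": "card-3", "time": t0 + timedelta(minutes=4), "avs_ok": False},
        {"ip": "203.0.113.7", "card": "card-4", "time": t0 + timedelta(minutes=6), "avs_ok": True},
    ]
    return impossible_travel(auths), ip_velocity_flags(reqs)


if __name__ == "__main__":
    travel, velocity = demo()
    for f in travel:
        print("impossible travel:", f)
    for f in velocity:
        print("ip velocity:", f)
```

The issuer check needs only what the issuer already has (card, time, merchant location); the merchant check needs only what the merchant already has (source IP, AVS result), which is GregW's point: each side sees a signal the other side never receives unless the transaction is sent through anyway.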

Kiaser Zohsay • February 22, 2010 10:52 AM

The only place I use my PIN is at an actual ATM getting actual cash, mostly at machines operated by my financial institution. After swiping my card at POS terminals, I am constantly asking "What do I push for credit?" I have been doing this to prevent my PIN from being transmitted over networks of uncertain security. Now we see that the network is vulnerable right up to the card slot.

I would be curious to know the maker and age of the pumps involved.

HJohn • February 22, 2010 10:58 AM

@GregW at February 22, 2010 10:40 AM
__________

I agree with most of what you say, and definitely sympathize with the difficulty of the dilemma on your side.

This is why I think everyone involved in the issuing of the card, handling of the card, accepting of the card, monitoring of the card, and review of activity should have some culpability.

My wife once had her identity stolen (actually, as Bruce points out, her identity wasn't stolen, it was impersonated--she kept the identity and the mess it was framed for). Turns out, her information was collected by an authorized user at a business I won't name. Until she ran her credit report, almost a year later, she had no way of knowing.

Point being, since there was only one point of failure at each level, it was easy to circumvent. Data protection didn't help since she was an authorized handler of SSN/etc, signature checks didn't help because she signed my wife's name in her handwriting on the back of the card, statements didn't help since my wife never saw them, the financial institution (after issuing the card too easily) was clueless since she paid minimums and the expenditures were mostly local, etc. And, to be blunt, credit reports just aren't timely enough.

This is why I advocate layered approaches. Every party in a transaction should have a stake in its validity. Any party that doesn't have a stake won't care and will be the layer that is most exploited. In many cases, it's a weakest link problem.

Matt from CT • February 22, 2010 11:37 AM

>I really doubt someone could pull this
>off unless they had otherwise legitimate
>access to the device.

In many rural areas, I've seen them in upstate NY for example, gas station pumps are available 24x7 even though there is no attendant on duty overnight.

This supports locals, especially truckers, farmers, and construction companies that may have gas needs in the early morning hours before there would be enough convenience store business to pay the clerk.

They don't exist in my area of New England I believe due to tougher safety standards that require an attendant on duty.

At these unattended stations you could easily go unnoticed while installing it, and if there's no obvious vandalism or stolen gas, who would check the security video?

Eric • February 22, 2010 11:42 AM

This very same thing happened not 5 minutes from my gym at a 7/11 in Sandy, Utah last week.

They found a Bluetooth transmitter in the unit and assume the thief picked up the data at regular intervals from a nearby parking lot.

The 7/11 is the only gas station near 3 strip malls and the unit ran through the entire Thanksgiving and Christmas season.

I don't gas up there :)

e-

Matt from CT • February 22, 2010 11:49 AM

Reading my post above, it's an interesting trade-off in safety and security that's caused that situation.

Companies and farmers used to routinely have their own diesel and gasoline tanks to meet their own needs.

As environmental regulations increased, it made maintaining your own tanks increasingly expensive.

Having an automated, unattended fueling station allows higher environmental standards to be met while still providing reasonable convenience for people who use a lot of fuel and when they need fuel need it immediately in order to get their job done.

martinr • February 22, 2010 11:53 AM

There is also a problem with some of the defensive measures taken by some of the banks (at least here in Germany).

Some of the banks themselves (or their ATM providers/contractors) have added anti-skimming devices in the form of redesigned plastic beaks glued in front of the card reader slot, specifically covering the area of the magnetic stripe. Pretty much all ATMs that I use have some plastic beak mounted over the machine's card reader slot these days.

Over a year ago, when the skimming became popular and was all over the news, these plastic beaks started popping up on ATM machines. When I used an ATM of Deutsche Bank, I found that new plastic beak being loose, so I laid it down next to the machine. Under it, there was the naked slot of the ATM's card reader, with glue around that slot that failed to keep the new beak in place.

I think it is a pretty bad idea to glue a plastic device onto the machine that is indistinguishable from a skimmer. Instead, they should ensure that it becomes obvious to the customer that there is *NO* device over the machine's card reader slot (and its metal case).

I am not convinced that these plastic beaks cannot be replaced by real skimmers. They should have at least used transparent plastic, rather than a dark grey material that leaves every user of the machine in the dark about its purpose and contents.

HJohn • February 22, 2010 12:07 PM

@Matt from CT: Reading my post above, it's an interesting trade-off in safety and security that's caused that situation.
__________

True. It used to be "full service," and "self service" became a way to lower gas prices by reducing labor overhead. Now, "pay at pump" does the same thing.

Migrating from full service to self service resulted in an increase of people who drove off without paying. Likewise, "pay at pump" has introduced a whole new class of risks.

It's all about trade offs, as you said.

jgreco • February 22, 2010 12:32 PM

@martinr

I have seen several ATMs in my area equipped with transparent (generally green, I think) plastic beaks that are lit from the inside with LEDs so it is obvious they are transparent. Seems like a pretty good idea, though I assume the insides of an ATM are more secure than a gas pump, so internal skimmers are less of an issue.

Concerning the installation of skimmers in pumps: Now that I think about it, most gas stations in this area are manned by minimum wage high school students. With the right outfit and an air of importance, I bet you could convince them you were doing a "random weights and balances check" or some similar inspection nonsense and they would never think anything of it.

jgreco • February 22, 2010 12:38 PM

Oh, I've been meaning to mention this but just now remembered. The (somewhat shady) 7-11 I usually use for my bread, eggs, and ATM needs recently got a new ATM. The card slot on it looks _disturbingly_ similar to the skimmer linked on here a few weeks ago. A visual inspection did not reveal any obvious cameras and I was unable to dislodge any pieces when I pulled on it, but it did spook me quite a bit.

http://www.schneier.com/blog/archives/2010/01/...

In particular, the panel with the diagram and braille was quite similar, in shape/size.

Clive Robinson • February 22, 2010 12:49 PM

@ Hjohn,

"Ugh, you are correct that I typoed. That's what I get for posting before I've had my coffee."

I just assumed it was a "little problem or two" giving you red eye 8)

How are they doing are they on to teething yet?

@ GregW,

The problem you describe is again the card issuers not taking responsibility.

Not to put too fine a point on it, the card issuers designed a system that they forced down people's throats one Valentine's Day a few years ago in the UK.

Fraud went up as a consequence of poor design choices (like fallback to mag stripe etc).

I find it incredibly difficult to believe that the choices were not "marketing" driven.

And as you say, there is no suspicious activity alerting for a merchant back to the bank via the payment gateway, nor any way to report it back to the card issuers.

Now I may be wrong, but I cannot help but feel their whole system is set up to take money from a merchant and not allow the merchant to protect themselves.

@ Sarad,

"This disclosure is a double edged sword... ...it may cause any one who previously had withdrawn money from that ATM to falsely claim that their money was stolen."

Yes, somebody could try it on, but unless they made some abnormally large transactions in the same way the crackers did, then it might well be a moot point.

HJohn • February 22, 2010 1:10 PM

@Clive Robinson: I just assumed it was a "little problem or two" giving you red eye 8) How are they doing are they on to teething yet?
_____________

Two would be right. :)

They are doing great. They turned 8 months old last week, and are still wearing onesies for a 3 month old. They are just now starting to teethe.

What's especially amusing about 8 month olds in 3 month olds' sizes is that size 1 diapers are too small to hold "number 1" overnight, and size 2 diapers are too large to fit snugly enough to keep "number 2" in, if ya know what I mean. ;)

HJohn • February 22, 2010 1:15 PM

I think one obvious way Joe Consumer could circumvent the system is collusion. He could make sure he is one place, work, for example, and "lose" his card. Someone buys a computer, clears out his account, etc., during this time. He then reports his card lost. Meanwhile, when all is said and done, he gets the computer from or splits the cash with his buddy/cousin/etc.

That's what will happen from time to time when consumers have no culpability for lost cards.

Again, not a simple problem overall. Skimming, however, is a bit different, as it doesn't actually involve a lost card, but a compromised card number and a compromised PIN.

Jon • February 22, 2010 2:05 PM

Unless you are getting money from an ATM, ALWAYS select "Credit" when using your debit card. The merchants don't like it because of higher rates and sometimes attempt to configure their POS terminal to steer the customer to using a PIN, but it's always possible to run your debit card as credit if you have a Visa/MC logo on it. The benefit is two-fold: you get some additional buyer protection and, more importantly, your PIN won't be compromised.

Slarty • February 22, 2010 2:28 PM

@Randy

"Wouldn't this have to be someone that has legitimate access to *inside* the pump? I don't think I'd be able to take a pump apart with the attendant noticing?"

I was in a bar the other day when a guy wearing a polo shirt branded with a well known local EFT company walked in.

He spoke to the manager, he then plugged in a laptop and uploaded software to both the register and the EFTPOS machine.

Afterwards he asked for a signature and left.

I asked the bar manager about it: he said he often gets people in to do firmware upgrades, sent by the Bank or the POS company. He has no idea they are coming, and he has no way to verify their ID (beyond the card they carry, which as we all know is useless).

So, as to access, I don't think that would be a problem.

Have a look at this story:

http://www.3news.co.nz/...

HJohn • February 22, 2010 2:42 PM

@Slarty: "So, as to access, I don't think that would be a problem."
______________

Probably not.

As Matt described above, gas stations in that close would be good targets. Surveillance videos are not cost effective to watch when nothing is suspected.

Also, I would imagine that 24/7 stations may not be a big deal either. Pull up to a pump in a van at a busy time, block their view of you, and they'll be too busy to check hard anyway (vans are not uncommon in gas stations). As someone else said, they can be installed in 8 minutes with ease, and don't count too much on other customers saying much. In fact, all the perpetrator has to say if questioned is that he's with GasCo or PumpCo or whatever, and was replacing a faulty reader. Heck, they may even have some receipt paper they can show them and say "I'm adding more paper," maybe even have a business card. Anyone that gets their hands on a device such as a skimmer and can install it is most likely going to have answers to questions. They probably would do it at a busy time on weekends when a manager was not available; they may even have the manager's name on some "work order."

They're often quite diligent in covering their butts.

Randy • February 22, 2010 3:16 PM

@HJohn: Using collusion for theft...

Me and a buddy long ago discussed this security hole. The plan would be to trade cards with someone, buy whatever you wanted and then report your card missing.

Not foolproof, but perhaps close as long as you didn't get your face or car on too many cameras.

Randy -- notthatiwouldactuallydothat

HJohn • February 22, 2010 3:28 PM

@Randy: "Me and a buddy long ago discussed this security hole. The plan would be to trade cards with someone, buy what ever you wanted and then report your card missing. Not foolproof, but perhaps close as long as you didn't get your face or car on too many cameras."
____________

Cameras really aren't as valuable as one thinks, unless you have it narrowed down to a smaller group to compare it to. Their best value is as a deterrent.

Collusion is nearly impossible to prevent in some circumstances, at least in a manner where the benefit is worth the cost.

I, unfortunately, foresee a future with technology that will migrate to biometrics for almost anything. Some people will think this is good, but concerns over government control (and ineptitude) still get the best of me. I shudder if it ever goes as far as using a finger scanner to access one's bank account (the possible and eventual elimination of paper money would lead to a disastrous amount of government control).

Anyways, I don't want to go too far off topic, but it's part of the overall picture, be it fraudsters, collusion, skimmers, etc. We start with cash, which is lost or stolen with no recourse. We move to checks, which have a trail but lead to different types of fraud. We then move to payment cards, which have a bigger trail and detection algorithms, but have led to different types of fraud. And so on. Each method has led to much less privacy than the method before.

cowbert • February 22, 2010 5:28 PM

Even if the gas pump is somehow "secured", remember, physical security only increases the amount of time it takes before someone can penetrate it. Since the pumps are turned off when the gas station closes for the night, usually the cameras, which were designed to catch people stealing gas without paying, are also turned off (the lights are turned off anyway, making the cameras useless at night to begin with), which gives an enterprising perp wearing the appropriate clothes and standing in the appropriate position (between the pump island and any view from the street) multiple *hours* to penetrate the physical security of the pump, install his device, and exfil without leaving a trace.

Clive Robinson • February 22, 2010 5:47 PM

@ HJohn,

"size 2 diapers are too large to fit snuggly enough to keep "number 2" in, if ya know what i mean. ;)"

Agh, I've less than fond memories of exploding nappies/diapers.

Especially, fool that I am, I insisted we went for the environmentally friendly reusable option (No, don't ask, and more importantly don't go there)....

Suffice it to say I now know why "men are hunters" and "women are gatherers", because we men just cannot get our own, let alone our offspring's, 5h1t together at 4 in the morning ;)

It's always 3-4AM: too late to get back to sleep, too early to get up.

I should mention before being a father I was a light sleeper and would wake at any out of place noise, like a fox sneaking past the window in summer. Now however my son has to literally jump on me to wake me up at "Oh my god it's not even morning", much to my other half's annoyance, as he is now trained and goes and wakes her up instead of me 8)

The secret as a parent is never ever, and I do mean never ever, respond to "daddy I'm feeling thirsty" or any other of those little needs. Once they know that three hours of persistent nagging will wake you up, then three hours of nagging is what you will get....

DC • February 22, 2010 6:03 PM

As one who has had a debit-only card hacked, nope, calling it a credit card at the POS terminal does emphatically NOT give you the extra protections, unless it's really a credit card too and you have that contract with the actual credit provider that provides those protections.

I found this out the hard way -- a debit-only card (and it does have a VISA logo on it) is a debit card with zero protections, period. I had even had them disable any use of it as a cash card by setting a special disallowed PIN which they guaranteed to not work ever, anywhere. Well, being able to use one as though it were a credit card with no PIN opens this rather large hole, despite that.

This is what they said at my small town bank, who issued the card. As I am a big fish in this small pond, I simply told them that if my money wasn't safe, lets cut me a cashiers check right now (7 figures was enough to get their attention in a county with

That got them to institute fraud proceedings, they actually did catch the guy (it was pretty flagrant) and I got my money back -- eventually.

The only thing that saved this is the guy kept on doing it daily -- and they changed my card number right away, so the old one stopped working for him.
The only reason the loss wasn't major is I suppose he didn't know that card was connected to a business payroll account and had quite a lot of money in it -- he was just getting enough for his heroin habit. (which costs surprisingly little compared to paying a few good computer programmers as this account was set up to do)

So far, I've been hacked twice. The incident above we still don't have a clue how it happened, other than that my card number (the part that's actually not a bank id or checksum) was "1". So a brute force search would get lucky quick on that (the checksum algorithm and other info are public knowledge so we don't even have security by obscurity). Bad day for "early adopters" I suppose.

The other time, I bought some things from a reputable supplier, and then suddenly saw charges for things shipped to the same part of the country, but far from me.

It wasn't the supplier per se -- it was someone dumpster diving who got my numbers because of the supplier's idea that once they tossed something in the trash, it was safe. Nope. Having been through this once already, the second time was easier to get resolved...that guy got caught too, in that case he'd used his own address so it was pretty simple. We are lucky that most criminals are kind of dumb...

The upshot is I now maintain several accounts, and the ones that have cards I keep most of my money *out* of -- so at most I lose a little, but never a lot.
This imposes the extra work on me of transferring money to them from a more secure account frequently, but it's what I can do that does work.

I have no credit cards -- I don't have a credit rating, it's completely blank. A life of being prudent and only spending what I made has done me OK, but no one will touch giving even a millionaire and owner of a successful business a credit card with a *blank* credit rating....go figure. And yes, I tried, even when they were giving anyone who could fog a mirror a subprime mortgage. The bank suggested I borrow money from them (with my land as collateral) and take a few years paying it back, with the money in the bank already (they even offered to set up an automatic withdrawal/payment system so I'd never pay late), then trying again. Yeah, right, that constitutes quite a profit for them for zero risk on their part, whether it works or not....not to mention the years it would take.
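DC's point above that the checksum algorithm is public knowledge and that an account number of "1" falls to sequential guessing almost immediately can be shown directly. The block below is an added example, not code from the blog post or from DC: it implements the Luhn check digit (the mod-10 check used on payment card numbers, ISO/IEC 7812), enumerates the card numbers that a low account number under a fixed issuer prefix produces, counts how many sequential candidates an attacker who pre-filters with Luhn would submit before reaching such a card, and measures how little Luhn itself filters (one candidate in ten passes). The six-digit prefix `123456` and the 16-digit layout are hypothetical assumptions, chosen so that no real issuer range is named.

```python
"""Luhn check digit and a sequential-enumeration estimate for low account numbers.

Card number layout assumed here (hypothetical): 6-digit issuer prefix,
9-digit account number, 1 Luhn check digit, 16 digits in total.
"""


def luhn_check_digit(partial: str) -> int:
    """Check digit d such that partial + str(d) passes the Luhn test.

    Digits are processed right to left; the check digit would occupy position 0,
    so the rightmost digit of `partial` (position 1) is the first one doubled.
    """
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(pan: str) -> bool:
    """True if the full number (check digit last) passes Luhn."""
    return pan.isdigit() and len(pan) >= 2 and luhn_check_digit(pan[:-1]) == int(pan[-1])


def enumerate_low_accounts(prefix: str, count: int, total_len: int = 16):
    """Full card numbers for account numbers 1..count under `prefix`, zero-padded."""
    acct_len = total_len - len(prefix) - 1
    pans = []
    for n in range(1, count + 1):
        partial = prefix + str(n).zfill(acct_len)
        pans.append(partial + str(luhn_check_digit(partial)))
    return pans


def luhn_valid_candidates_before(pan: str, prefix_len: int = 6) -> int:
    """How many Luhn-valid numbers an attacker counting up from all-zeros under the
    same prefix would try before reaching `pan`, i.e. the number of submissions a
    Luhn-prefiltering brute force makes before hitting this card."""
    prefix, body = pan[:prefix_len], pan[prefix_len:]
    width = len(body)
    return sum(1 for n in range(int(body)) if luhn_valid(prefix + str(n).zfill(width)))


def luhn_pass_rate(prefix: str, sample: int = 10000, total_len: int = 16) -> float:
    """Fraction of sequential candidates under `prefix` that pass Luhn.

    Every run of ten consecutive candidates shares its first 15 digits and
    contains exactly one valid check digit, so the rate is exactly 0.1: Luhn
    catches transcription errors, it is not a secret and adds no entropy.
    """
    body_len = total_len - len(prefix)
    hits = sum(1 for n in range(sample) if luhn_valid(prefix + str(n).zfill(body_len)))
    return hits / sample


if __name__ == "__main__":
    PREFIX = "123456"                     # hypothetical issuer prefix
    for pan in enumerate_low_accounts(PREFIX, 3):
        print(pan, "valid:", luhn_valid(pan),
              "luhn-valid guesses before it:", luhn_valid_candidates_before(pan))
    print("share of sequential candidates passing Luhn:", luhn_pass_rate(PREFIX))
```

Under these assumptions the card for account number 1 is `1234560000000017`, and a sequential attacker who skips Luhn-invalid candidates submits exactly one other number (the all-zeros account) before reaching it. The only real defence is in the fields the attacker cannot enumerate (expiry, CVV2, AVS data, issuer velocity checks), which is why a merchant seeing several consecutive card numbers from one source in a few minutes is such a strong signal.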

Clive Robinson • February 22, 2010 6:04 PM

@ HJohn,

"I, unfortunately, forsee a future with technology that will migrate to biometrics for almost anything. Some people will think this is good..."

I think Matt Groening (he of Simpsons and Futurama) probably agrees with you.

My son is, shall we say, more than a little keen on Futurama, and in one episode (A Fishful of Dollars) there is a bit where the anti-hero "Fry" goes into the bank to see if he has any money.

The bank teller says "We don't appear to have your retinal or rectal scans on file, do you remember your PIN"; even after watching inadvertently for maybe the 150th time it still makes me wince...

It begs the question just how personal does the invasion of a persons privacy have to get before they will say "no more".

Annmarie D. Hart • February 22, 2010 6:25 PM

MagnePrint is the answer.
It detects skimmed or sniffed cards. It matters little where the data is harvested. It matters most that we (issuers, merchants, acquirers, brands, etc) can determine that the payment instrument or the data on it have been compromised.

P.S. I never use a branded debit card, with or without a PIN. It's just too risky. Credit cards are much safer.

Clive Robinson • February 22, 2010 6:41 PM

@ Doug C,

"I have no credit cards -- I don't have a credit rating, it's completely blank. A life of being prudent and only spending what I made has done me OK, but no one will touch giving even a millionaire and owner of a successful business a credit card with a *blank* credit rating....go figure."

The reason I finally got a credit card was because, like you, I didn't have a credit rating either (again by choice of being prudent).

The organisation I (used to) bank with had decided that as part of the move to Chip-n-Spin they would automatically upgrade the old accounts to every profitable (for them) service they could.

Having been pushed into it I got a combined credit/debit card (yup, I found out most merchants configure their EPOS to be debit not credit by default and remove the customer select option).

I found a place where you could choose (debit or credit) and bought a cheeseburger there on credit once a week for three months and paid the minimum balance (i.e. interest only).

I discovered I had a good credit rating and went and got a CC-only card with another organisation and shut the original bank account down (this CC-only screws the managers who set debit default with no customer change in their EPOS).

Being prudent, the new card I pay in full by direct debit; unfortunately this has hurt my credit rating...

Go figure: buy a cheeseburger a week on credit and pay interest only makes you a good risk, paying off promptly makes you a bad risk (especially if you refuse all other credit and refuse to let your credit limit rise).

I can only assume that credit rating is in reality based on how much profit you make a financial organisation...

Clive Robinson • February 22, 2010 6:54 PM

@ cowbert,

"Even if the gas pump is somehow "secured", remember, physical security only increases the amount of time it takes before someone can penetrate it. Since the pumps are turned off when the gas station closes for the night, usually the cameras, which were designed to catch people stealing gas without paying, are also turned off"

As HJohn has noted, it is a change in incentives that opens up the great big gaping security hole.

As far as the station owner is concerned, what he is protecting against is theft of fuel. If he turns the pumps off then no fuel is going to get stolen.

So his incentive is to get pumps that are cheap and meet his security requirement (so easy access to the insides as the pump is down the hole).

He is not going to see the loss from card skimming so it is not going to be on his radar. Unless...

Bad publicity makes it so (as in this case); however, he is not going to blame himself for getting the cheap pumps: "Oh no Sir, that's the pump manufacturer's fault".

I can assure you that if the pumps were to take cash, then the station owner would either empty them every night or insist they were made like Fort Knox...

Clive Robinson • February 22, 2010 7:03 PM

@ Annmarie D. Hart,

"MagnePrint is the answer. It detects skimmed or sniffed cards. It matters little where the data is harvested. It matters most that we (issuers, merchants, acquirers, brands, etc) can determine that the payment instrument or the data on it have been compromised."

I think you will find that when the technology you are marketing was discussed on this blog it was found to have major shortcomings.

Not least of all the worthless upgrade cost to the required proprietary equipment.

What the CC industry needs is "cleaning up its act", not another pointless "techno arms race" that MagnePrint is almost certainly going to start.

Billy • February 22, 2010 7:40 PM

> The most foolproof way to avoid such as scam is
> to use cash. Or, Milka said, a customer could go
> inside the station office and have the clerk swipe a
> debit card, Milka said.

And just how is the scanner inside any less likely to have been tampered with, really? Wouldn't the skimmer the clerk (whoops, I mean bad guy) put on the pumps work just as well inside?

David • February 22, 2010 8:30 PM

> The more I think about it the more I like Bruce's idea of make the card issuers pick up all the bad debit not even the banks or the merchants and most definatly (sic) not Jo Consumer.

Or just use a credit card. Assuming you pay it off every month, it's by far the most secure way to transact business. I do not understand why anyone would use a debit card instead, unless they are unable to get a credit card. Why on earth would you want to give crooks direct access to your money?

kyhm • February 22, 2010 8:47 PM

This doesn't surprise me, really... A few months back I noticed the panel on a pump at a local station was unlocked, after I'd finished filling up and taken the receipt. The lock didn't look forced, it just swung open. Since my bank was just down the street, I headed there and changed the PIN.

Interestingly, a few weeks later my card was shut off with a message to contact the bank, "because it had been used at the same location as other customers who'd been defrauded." They were quite happy to turn it back on when I told them about that station and that I'd already changed the PIN.

@DC:
I've recently started doing this, and wonder why I hadn't thought of it sooner. Unfortunately my bank doesn't make it any easier; I can only pay bills electronically from the account linked to the card, for example, requiring even more transfers.

Nick P • February 23, 2010 3:13 AM

@ Clive on MagPrint

To be fair, the MagPrint advocates addressed many of the concerns well at the end. However, I don't like repetitive advertising posts. I prefer Rob Lewis's (remember Trustifier?) approach: hit all kinds of blogs, make the broad claim of security, provide references for the inquisitive, debate a bit, leave contact info, and disappear (marketing comments, that is) until asked. For an evangelist, at least he shows some respect. The magprint people are quite different and even obnoxious to a degree.

There's one other problem with magprint: it could be the next skype. As in, remember how Skype received praise in a security evaluation by a reputable cryptographer, then its internals looked totally different when it was reverse engineered and hacked in a Black Hat conference paper? One said they correctly implement crypto to make users & them better off, whereas the latter said they just used crypto enough to obfuscate their activities. The issue is trust: do they really do what their proponents or carefully controlled evaluations claim? Or do they claim to do that, then do something entirely different (and dangerous) in reality? This apparently is the case with Skype. They can't be trusted. What about MagPrint? Does it work like proponents say or are they just drinking the company's [poisoned] Kool-Aid? Can we know, Clive? (hint: doubtful w/out breaking espionage laws ;)

foobar • February 23, 2010 3:34 AM

Sounds like a lot of work, that attack.

Much better one I remember from the 80s was on these safety deposit boxes at banks where people could drop off an envelope with cash and a slip containing the account number and whose money it was. Used by shopkeepers that wanted to deposit the daily proceeds after the bank itself had closed for the day.

This attack was very low-tech but worked.
It was basically a standard cardboard box on the sidewalk and a note "safety deposit box out-of-order, deposit in cardboard box instead".

That this worked proves to me that this problem cannot be solved by technology.

Clive Robinson • February 23, 2010 5:26 AM

@ Nick P,

"There's one other problem with magprint: it could be the next skype."

What was the old joke about the CIA logo which has the words "In God We Trust" around it with the unwritten subtext "All others we check"?

MagnePrint's main claim to fame is that it takes a "signature" of the magnetic particle size on the back of the CC etc.

As I pointed out to them, although an interesting rework of an old idea (Simmons et al) it is based on a flawed assumption. In the case of magnetic particles on the back of CCs they are very large and thus make a lot of low frequency noise (this is not an issue with data but sure is with analog signals like audio or video).

With analog systems they try to remove the problem by using much finer grained magnetic particles, thus taking the noise spectrum up several orders of magnitude, but importantly also taking the analog bandwidth up by the same amount.

The problem MagnePrint has is that for their system to work they have to band limit the signals they are looking at to a particular range.

Thus if you can find analog tape that has a bandwidth of at least three (preferably five or more) times this upper bandwidth then you can record and reproduce the noise signal they are using without any real issue.

Thus an attacker could simply make a "HiFi" recording of the CC signal from the reader head and lay this down on the back of a card to which they had superglued a piece of appropriate analog video tape or high density data tape.

Although this can be detected I cannot see MagnePrint doing it as the cost would be disproportionately high. Thus when forced to do so it would be a retrofit which the consumer would be paying for in two ways.

Firstly, as with all such holes in financial systems where the risk has been externalised, the card issuers and banks will go to court and put in some paid-for mouthpiece to say "Our magic pixie dust technology we cannot talk about shows it must have been the card". Even though the card issuers and banks know the system is broken beyond redemption, they don't tell the paid-for mouthpiece, thus the paid-for mouthpiece is not committing perjury.

As even getting to that stage takes years, MagnePrint and the banks keep up the pretence and Jo Customer, who has been skimmed through no fault of their own, gets to swallow the loss (hence banks and merchants forcing debit cards down people's gullets). It is a Standard Operating Procedure for banks and card issuers which they demonstrate over and over again and get away with because judges let them; thus they are very like the tobacco industry. However, unlike smoking, where there is some semblance of free will for Jo Average, there really is no choice for the majority: they are forced to use banks.

Secondly, even after it becomes publicly clear that the fingerprint system does not do as advertised it will carry on being used. There will be some upgrade or new DNA variant and so the cycle will repeat. All of which gets paid for by Jo Customer.

The honest thing to do would be to admit the plastic card mag stripe system is broken beyond recovery.

But the card industry and the banks won't do that as long as they can externalise the risk.

And as there will always be the likes of MagnePrint coming along with more "magic pixie dust" to sprinkle on top, the cycle will continue.

And don't think MagnePrint don't know this; they do, their entire idea rests on this "magic pixie dust" mentality.

Thus it passes the tests required to make it "Snake Oil" or "Emperor's New Clothes".

Then of course there is a third aspect: "end runs" around security with "legacy systems".

When Chip-n-Spin came in the card skimmers simply moved their point of attack away from Chip-n-Spin terminals in the UK to countries that still had mag stripe terminals. By the time other countries started putting in Chip-n-Spin the skimmers had discovered holes in Chip-n-Spin, thus we started on a new cycle.

What we need is an Augean Stables solution to the problem, not to sprinkle a little more clean scented straw on the old pile of 5h1t.

This "slap a band aid on a broken bone" mentality is rife in a "faux free market" where one player has overwhelming resources against those that actually take on the risk.

Anyway, speaking of medicine, I've just had a phone call this morning to say I'm going back into hospital for surgery to try and fix the problem from the last lot of surgery...

So my responses may not be up to their usual standards ;)

HJohn • February 23, 2010 8:56 AM

@cowbert: "Even if the gas pump is somehow "secured", remember, physical security only increases the amount of time it takes before someone can penetrate it. Since the pumps are turned off when the gas station closes for the night, usually the cameras, which were designed to catch people stealing gas without paying, are also turned off"
______________

You are correct, physical security increases the time to penetrate.

However, I think you are incorrect that the cameras would be turned off. They may be, but most places would want them on to deter/catch vandalism and other crimes.

Their failure in regards to skimming is that, if there is no noticeable crime/vandalism/theft (and there won't be, that is the whole point of skimming), there is no need (and really little reason in most cases) to take the time to study hours of video. By the time the skimmer is discovered, the videos may well have been overwritten. Usually, when credit card numbers are disclosed through skimmers, locating the source of the disclosure, and ultimately the skimmer, is no simple feat.

HJohn • February 23, 2010 9:02 AM

@billy: 'And just how is the scanner inside any less likely to have been tampered with, really. Wouldn't the skimmer the clerk (whoops, I mean bad guy) put on the pumps work just as well inside?'
___________

It would be much tougher to tamper with the inside scanners. The attraction of gas pump and ATM skimmers is that the stations are not manned and are vulnerable. The scanners inside, like when you swipe your card at the register, are not very far out of the sight and control of a cashier/employee.

Rich Wilson • February 23, 2010 10:04 AM

@HJohn

I don't see how this incident was anything but an inside job. Inside in that they paid off a staff member. The motivation for putting it outside is that other employees besides the one you paid off will never notice. And I suppose there are more cameras inside.

BTW, this is the station where I buy my gas, always with cash.

HJohn • February 23, 2010 10:08 AM

@Rich Wilson: "I don't see how this incident was anything but an inside job. "
______

It's possible. I won't pretend to be able to know for sure. There are two motivations for both insiders and outsiders.

Insiders may have opportunity and ease of setting it up, due to their authority and ability to tamper with equipment without much question.

Outsiders, on the other hand, have the advantage of no real connection to the business.

When things like this happen, I would assume the first ones looked at would be employees.

But you're right, it may have been inside. I don't know for sure.

Robert • February 24, 2010 8:53 PM

@clive
Interesting ideas on Magneprint security. Today there is a lot of activity in the secure chip area related to implementing unique card IDs based upon characteristics of the chip which cannot be faked or predicted in advance. These are called PUFs (physically unclonable functions).

I consider most of the proposed chip-based PUFs to be totally understandable and potentially reproducible functions. The so-called PUF generally involves the continuum of analog behavior being interpreted in a digital manner. The attacker however will simply revert to an analog detection method and thereby measure the imperfection that makes the PUF unique.

Does anyone have thoughts on this?

Nick P • February 24, 2010 10:53 PM

@ Robert

I don't know if you intended to, but you basically just repeated what Clive said above.

Robert • February 24, 2010 11:21 PM

@NickP
Sorry if I missed another post where Clive specifically addresses on-chip so-called "silicon PUFs". I believe Magneprint specifically refers to the magnetic strip cards, whereas I was inquiring about smartcards.

These are the newest thing being touted to improve RFID and smartcard security and address a whole range of crypto key generation problems. Unlike "on chip" random number generators, the PUFs should always return the same unique ID number, but there should be no way of predetermining what this number will be, and no way of directly accessing the PUF without altering the differences which caused each PUF device to be unique.

Silicon PUFs are all a little "too good to be true" but for the moment I still have an open mind and would like to see what others think.

If anyone has specific experience decoding on-chip PUFs then I'd be very interested to talk with them.

Clive Robinson • February 25, 2010 12:28 AM

@ Robert,

I'm only vaguely aware of PUFs.

If I remember correctly it came from an idea that was originally touted last century to get around the issue of putting a unique serial number on a CPU or other chip.

If you think about it, putting a purposefully unique structure on a chip that cannot be altered is a very expensive process whichever way you do it (laser / fusible links / quantum structures).

Thus the idea was to make measurements of the physical uncertainty caused by the manufacturing process. That is, to look for sufficiently unique "tool marks". A process often called "fingerprinting".

The problem with all these "fingerprint" processes is "measurement" uncertainty, which you have to get over for repeatability of reading.

That is, if you can measure something reliably then you can duplicate the measurement or the measurand and have the same result.

If you think about what you are doing you have,

1, Physical object.
2, Physical sensor.
3, Information evaluator.

The process of evaluation is not physical, it is informational. The physical property is converted to information by the sensor. Thus you can attack the system at any of the interfaces by,

A, Duplicating the object.
B, Exploit weaknesses of the sensor.
C, Inject information into the evaluation input.
D, Inject information after the evaluation process.

The argument that an object can have one physical attribute that is reliably measurable but cannot be duplicated is in reality a nonsense due to the limitations of the sensing process.

That is, I can cut you two steel bars that will measure to the same length under the same conditions. This is simply because the uncertainties in measurement under all conditions mean you have to allow for quite a large granularity of measurement to get a consistently reliable result. Generally you can work an object down to the noise floor and below.

It is the flip side of True Random Number Generation.

It is only possible to have True Random Number Generation due to uncertainty. That is, no measurement is certain or repeatable beyond a certain point and we can use this uncertainty to generate bits of information we have no way of predicting in advance. This property holds true for the measurement of all physical properties.

We lump all these uncertainties and other issues together under the general term of "noise".

A signal only starts to become reliable when it is at a minimum two orders of magnitude above the peak magnitude of the system noise floor. It usually needs to be at least a magnitude above that again for non-coherent measurement.

I could go on and describe how all the interfaces suffer from exactly the same problems when it comes down to it.

But I don't think it is really required to show more than one way by which a system is flawed.
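Robert's description of silicon PUFs (a noisy physical readout that must nonetheless return the same ID every time) and Clive's point above about measurement uncertainty and repeatability are two sides of the same engineering problem: how does a design turn a readout that flips a few percent of its bits on every read into a stable secret, and how does the evaluator avoid exposing a raw good/bad compare on that secret? The Python simulation below is an added example for this thread, not code from any commenter or any PUF vendor. The "device" is a constructed stand-in (each cell has a fixed Gaussian bias and every readout adds fresh noise, so near-zero-bias cells are the ones that flip); the cell count, repetition-code length and noise level are assumed parameters, not figures from a real part. It enrolls a key with a code-offset fuzzy extractor (repetition code plus majority vote), reproduces it from a noisy readout, and answers a challenge with an HMAC so the verifier never sees the response bits themselves.

```python
"""Added example (not from the thread or any vendor): a simulated noisy PUF,
a code-offset fuzzy extractor (repetition code + majority vote) that makes the
readout repeatable, and an HMAC challenge/response so the verifier never does
a raw bit-for-bit compare on the PUF response itself."""
import hashlib
import hmac
import os
import random

N_BITS = 128   # key bits extracted from the PUF (assumed)
REP = 15       # repetition-code length: each key bit spread over REP cells (assumed)
N_CELLS = N_BITS * REP


def make_device(seed):
    """Constructed stand-in for a PUF: each cell gets a fixed manufacturing
    bias. Cells with bias near zero are the 'metastable' ones that flip between
    readouts; that is the measurement uncertainty the design has to absorb."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_CELLS)]


def read_puf(device, noise_sigma, rng):
    """One readout: sign(bias + fresh noise) for every cell -> list of 0/1 bits."""
    return [1 if bias + rng.gauss(0.0, noise_sigma) > 0 else 0 for bias in device]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def enroll(device, rng):
    """Enrollment (done once, in a trusted setting): choose a random key, encode
    it with a repetition code, and publish helper = codeword XOR response.
    The helper data can be stored in the clear; it is only useful together
    with a fresh response from the same device."""
    key_bits = [rng.randrange(2) for _ in range(N_BITS)]
    codeword = [k for k in key_bits for _ in range(REP)]
    response = read_puf(device, 0.0, rng)      # reference readout, noise-free here
    helper = [c ^ r for c, r in zip(codeword, response)]
    return key_bits, helper


def reproduce(device, helper, noise_sigma, rng):
    """Field reproduction: noisy readout XOR helper is a noisy codeword; majority
    vote per REP-cell block corrects up to (REP-1)//2 flipped cells per block."""
    response = read_puf(device, noise_sigma, rng)
    noisy_codeword = [h ^ r for h, r in zip(helper, response)]
    key_bits = []
    for i in range(0, N_CELLS, REP):
        block = noisy_codeword[i:i + REP]
        key_bits.append(1 if sum(block) * 2 > REP else 0)
    return key_bits


def bits_to_key(bits):
    """Hash the corrected bits so the final key is uniform even if cells are biased."""
    return hashlib.sha256(bytes(bits)).digest()


def respond(key, challenge):
    """Device side: answer a fresh challenge with an HMAC. Neither the key nor the
    raw response leaves the device, and there is no exposed bit-by-bit compare."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify(key, challenge, answer):
    return hmac.compare_digest(respond(key, challenge), answer)


def demo(noise_sigma=0.1, seed=1):
    """Enroll one device, then try reproduction on the genuine device and on a
    second device using the same helper data. Returns the measurements."""
    rng = random.Random(seed)
    genuine = make_device(seed)
    other = make_device(seed + 1)
    enrolled_bits, helper = enroll(genuine, rng)
    enrolled_key = bits_to_key(enrolled_bits)
    # Intra-device distance: same device, two noisy readouts (should be small).
    intra = hamming(read_puf(genuine, noise_sigma, rng), read_puf(genuine, noise_sigma, rng))
    # Inter-device distance: two different devices (should be about half the cells).
    inter = hamming(read_puf(genuine, 0.0, rng), read_puf(other, 0.0, rng))
    key_genuine = bits_to_key(reproduce(genuine, helper, noise_sigma, rng))
    key_other = bits_to_key(reproduce(other, helper, noise_sigma, rng))
    challenge = os.urandom(16)
    return {
        "intra_hamming": intra,
        "inter_hamming": inter,
        "genuine_recovers_key": key_genuine == enrolled_key,
        "other_recovers_key": key_other == enrolled_key,
        "genuine_passes_challenge": verify(enrolled_key, challenge, respond(key_genuine, challenge)),
        "other_passes_challenge": verify(enrolled_key, challenge, respond(key_other, challenge)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The intra-device Hamming distance is what Clive calls measurement uncertainty; the repetition code is the "large granularity of measurement" that buys repeatability, and the price is that each key bit costs REP cells. The inter-device distance near 50% is what makes the helper data useless on another part. Hashing the corrected bits and answering a nonce with an HMAC means the evaluator compares a fresh MAC rather than the response itself, so there is no single exposed good/bad bit on the readout path to target.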

Robert • February 25, 2010 2:05 AM

@Clive
Thanks for the response, well thought out and insightful as always.

With the on-chip PUFs, the first problem is to gain access to the chip (de-cap), not really that hard.

Second problem: identify the PUF (probably also not that hard), due to the need to isolate the structure so that other signal coupling effects do not dominate the "manufacturing noise" measurement.

Third problem: inject an extremely small offset, probably an order of magnitude less than the manufacturing offset. Extremely hard!

Things that I would try:
Inducing a thermal offset in the PUF measurement circuit, probably with a focused IR laser, probably from the back of the chip.

Create a very localized E-field disturbance and try to couple this into the differential PUF in such a manner that it affected just one side.

I have not tried any of these things but it sure sounds like fun....

Clive Robinson • February 25, 2010 8:34 AM

@ Robert,

Sorry, my earlier post reads a little bit oddly. It was 5AM in the UK when I read your second post (to Nick P) and I'd been awake all night.

As I said you could attack any of the interfaces.

A, Duplicating the object.
B, Exploit weaknesses of the sensor.
C, Inject information into the evaluation input.
D, Inject information after the evaluation process.

My personal choice would be to investigate one or both of the information interfaces first (i.e. C, after sensor, or D, after evaluation).

If you can get the "after evaluation" (D) interface then you've got the system dead in the water, as in most cases it is effectively a binary response (good/bad) and the same across all the chips made from that particular stepping mask.

Attacking the evaluation input would be harder but...

It depends on how they go about the evaluation process. Worst case they could do a serial bit by bit test and compare with an XOR gate. In which case you don't need to know anything about the individual chip as all you are doing is setting both inputs to the same value to set the XOR output to zero to show both bits are the same. Thus this evaluation input attack would be as devastating as the evaluation output attack.

Most other evaluation input attacks (C) and earlier (A, B) in the chain are "replay" attacks which at first sight would require knowing something about the individual chip's unique property.

But...

Actually not in all cases, if you think the process through.

When the chip is manufactured it has no knowledge of what the resulting unique number will be; the earliest it would know this would be after first power-up.

The question is then what does it do with this number and how.

The first thought is, is it ever sent "off chip" or only ever used "on chip".

If the number is "read out" of the chip somehow then this enables it to be read again, which means that yes you could determine its value.

If it's used "off chip" (i.e. not read out of the chip in any way) then this opens up another interesting thought line,

What is done with the unique number and when and how.

This is getting down to being application specific but you could still find broad classes of attack.

One of which is "if the unique value stays on chip at all times, in what way is it being used with regards to power cycling the chip."

If it is not somehow being preserved across power cycles in some functionally dependent way (say used as a key to encrypt/decrypt program code held internally) then it is vulnerable to a forced reset attack.

That is, you reset the chip and force the early steps in the chain to produce a fixed result (say all zeros or all ones). Thus you are effectively overwriting the first reading of the unique value with a value known to you that you can then exploit.

As for sending the value "off chip", this presents significant opportunity to find protocol failures in not just the communications but also the state design of the chip. Once you find one that you can "work", and there almost certainly will be based on the current state of the industry, then you can find the unique value to enable you to attack the chip further down the chain if actually required (Remember even the NSA fell foul of protocol failure problems with the Capstone key escrow system back in the Clinton era, thus the lesson NOBODY AND NO SYSTEM IS PERFECT!!!).

All of the above attacks have not involved physically attacking the chip so would get around anti-tamper etc. protection.

The only question is how to "induce" the attack on the chain. Well the simplest way is with a "fault injection attack" in the early part of the chain.

My personal choice would be with EM radiation injected either directly onto a pin or coupled in via a "micro probe" inductor, neither of which require the chip to be attacked physically.

It is this "no physical" attack approach that made me look into it back in the 1980's and I found quite easily just how devastating this general class of attack is. However I appear to have been a "lone public voice" on this until very recently when two bods over at the UK Cambridge Labs performed the simplest of the EM fault injection attacks on a TRNG and took its output from 32 bits of entropy down to 8 bits of entropy.

The nice thing about some EM attacks is you don't have to have physical contact with the chip; some even work well from outside the housing of the equipment the chip is mounted in...

So to give it a 1950's comic book view, it's a "Death Ray for Electronic Security" ;)

The simplest way to inject an EM signal is via the "micro probe", however it is very orientation sensitive. Also it can be a little difficult to focus down. This can require you to develop your own micro probes using differential signaling axially between two or more probes etc. Which at microwave frequencies can be quite difficult to do as you require long transmission lines with respect to the wavelength in use, thus may require electronic phase shifters etc. Not exactly difficult but you need to know what you are doing. Most EMC labs will have the bits you need and a good EMC engineer who can also think "hinky" will be able to do this, as will any competent EmSec technician (so we are not talking "Mad Genius" grade abilities for the "Death Ray" ;)

The next method of connection is at the chip pins. And this is where you can get up to all sorts of tricks that really are quite devastating. There are a lot of variables involved but you can walk a "fault signature" back through the chip buffers and drivers to the heart of the control logic, you can change logic state and thus completely own a chip that you have direct access to. Again without having to de-package it or in any other way physically harm it.

It is harder to do than a micro probe attack but much more repeatable.

Which brings me onto "fault signatures".

The attack that the bods over at Camb Labs did simply used an unmodulated RF carrier that was neither modulated nor synced to the device under attack.

That is, it was like doing brain surgery with a 14lb lump hammer and a lump of flint. Thus primitive but unexpectedly and strangely effective.

If you think back to the days of the Differential Power Analysis of the turn of the century, it had been preceded by a few years of claim and counter claim and crude preventative engineering tricks such as in-circuit noise generators on smart cards.

The problem was simple: functioning electronic logic draws power to switch states and in the process this produces electrical noise on the power supply lines. These power lines come from every part of the internal circuit and have no bandwidth limitations of any meaning (just pad capacitance and lead bonding wire inductance). Adding a small amount of resistance (say 0.1-1R) between the chip pin and the external power supply decoupling made this rich signal of multiple signatures available to be analysed.

It quickly became clear that with simple microprocessors you could tell at exactly what point in the internal program it was at and how it branched based on internal and potentially secret values. [As a historical note this should have been absolutely no surprise to anyone; it had been known since the early days of computing that the unwanted emission carried sufficient intelligence for a human to understand sufficiently on a nearby AM radio to say a program was not functioning correctly].

The smart card industry response was, to say the least, pathetic and showed they had no less understanding of the issues involved than an averagely smart home hobby electronics/radio enthusiast.

After the first denials came the proof that a secret (DES) key could be detected. The solution from the smart card industry: bolt a PRNG noise maker into the circuit. The attack solution: use spread spectrum signal detection techniques to remove its effect. It was turning into the old EW ECM/ECCM/ECCCM game.

At this time Ross Anderson at Cambridge Labs was looking at self clocking logic to get around the synchronising issues, and I sent him an email warning him that his circuits were going to be very susceptible to being externally locked to an RF signal by the process of "loose locking".

[Historical note: loose locking is a very old issue and is why two pendulums will fall into sync if there is any kind of coupling between them, including just being adjacent to each other; it requires only fractionally tiny amounts of energy in comparison to that in the pendulums. It applies even more so in electronics, which was very well known at the time in satellite receiver front ends for threshold extension and as an improvement over PLL techniques, and is the way the colour chrominance signal is synced up in PAL television (via the "colour burst" signal, and how some FM Stereo receivers decode the channel difference signal); it was also known to have been used for the original van Eck system.]

I had also sent an email to the two DPA authors outlining how the use of RF carriers could be used to extend their attack.

Put simply, and as described in any EMC book, if your circuit can emanate (radiate) a signal it is susceptible to a similar signal. What is not in there usually is TEMPEST's dirty little secret: that you can "enumerate" a piece of equipment by both that emanation and susceptibility.

However the industry should be aware of this; I have been saying from the early days that RFID chips in passports can be enumerated by their startup characteristics. Various industry mouthpieces (who should have known better) went into denial mode and, as we have seen more recently, they as usual were wrong in their pronouncements, but have conveniently chosen to forget that fact...

But it goes further than just enumerating the chip
by it's responses and suseptability to stray signals (it works the same way that "red eye" does in photography).

Just like the rabit in the head lights you can control it.

So you can extend DPA by injecting a signal to cause the internal state machine to go to the wrong state. This has the same effect as unchecked overflow/underflow bugs in software that allow knowledgable crackers to break the stack etc etc.

What surprises me is people don't put 2 and 2 together and realise this and start exploiting it?

The trick (if you can call it that) is to work out what is going on with an "emmision signiture" and use this to sync your injection attack. You repeatedly go around the loop on a piece of test kit untill you have the system sufficiently enumerated for your attack to work.

You then go and find a piece of live kit and "own it" without "it" or it's "legitimate owners" being aware it is happening...

I was doing this back in the 1980's with simple microprocessors. One of which was in a prototype hand betting device. I showed it's incredulous backers that for all the protesttions of it's developers that all their carefully designed security worked it was all for naught (needless to say it never went into production). I also showed it was an issue with an electronic purse.

Yes it is going to be harder with more current technology but the fault still remains to be richly exploited.

So huff to PUF, it can be got at unless great care in its design is employed. And I know from much experience that care in design and time to market make uneasy bedfellows. And thus I will make a prediction,

PUF, like PA/DPA on smart cards and enumerating RFID chips in passports, will have its "inglorious failures" and go into first denial and then the EW ECM/ECCM/ECCM cycle, before it ever becomes trustworthy, if it ever can (which I doubt).

Clive RobinsonFebruary 25, 2010 8:47 AM

@ Moderator, Robert

It appears there is another bug in this mobile phone (Motorola Sidekick slide with DangerOS).

Just as I was finishing off the reply the phone rang, and in answering it posted my nearly finished response whilst answering the call...

Thus the second of the two posts above is the one that should have been posted not the first (the difference was in the end of the prediction).

For those working for Danger OS I think you will find you have a bug in your "mouseover" function when another app opens a dialog box up over the top of an app in use.

That is, if I cross a button in the web app to get to a dialog box partially on top of it, to click to answer a phone call for instance, both apps appear to get a "mouseclick" response.

Thus I'm guessing it's a base UI problem not an app problem.

bobFebruary 25, 2010 2:46 PM

@clive: You probably exceeded the RAM with that post. Self-induced buffer overflow attack.

robertFebruary 28, 2010 9:04 PM

@Clive

Thanks for the wealth of information.

I'm not sure that a lot of the things that you are suggesting will actually help with PUFs. The basic difference is that PUFs are usually a parallel cell and sensor array that is read at some instant in time. Most PUFs are only in a "metastable" condition for somewhere between 10ps and 1nsec, so the appropriate interference must happen during this narrow window.

So, unlike most "on chip" random number generators, which synchronously sample a noise source and are used for session key generation, most PUFs are used as the main identifying key, so if you get it wrong you don't gain access to the system.

Synchronously sampled PUFs are also being used together with on-chip random number generators to create paired systems, one random and one deterministic; however, if you try to interfere you will corrupt both systems. So the classic approach of locking the random number generator to an external clock to reduce RAND entropy has the undesired side effect of introducing entropy into the PUF secret key.

So I think successful attacks will need to be targeted at either test systems, such as a "Check PUF Key" function, or at the key exchange.

Anyway, I won't spam the group with any more on this topic; if anyone is interested in this topic then I'll send my email address.

Clive RobinsonMarch 1, 2010 6:26 PM

@ Robert,

"Most PUF's are only in a "metastable" condition for somewhere between 10ps and 1nsec, so the appropriate interference must happen during this narrow window."

Hmm, you appear to know more about PUFs than is currently "openly" available. Care to share where you got the info?

As I said originally, my knowledge of them is a little vague simply because I've seen little or no info on them other than "venture capital" blurb.

Supposedly some bod at MIT came up with the idea.

However, the same blurb comes up with obvious "BS alert" type nonsense with statements like "64 bit random number that is unique..." (the birthday paradox dumps that on its head after 4 billion or so devices ;)

The attacks I was describing are "general purpose" in nature and are areas you would start with if you did not want to strip the lid off and had little or no information about the internals of the system or the protocols in use.

Basically you get hold of one or two and "black box probe" them to look for where things work differently than when not probing, and tailor your probing to enumerate the target.

Until either more details are available or you can get a few on the RF test bench, all potential attack vectors are going to be "in theory" tempered by experience.

From what you say,

"Most PUF's are only in a "metastable" condition for somewhere between 10ps and 1nsec"

This would suggest that the method chosen is rise/fall times on logic circuits.

RobertMarch 1, 2010 9:01 PM

@Clive
Sorry to disappoint, but I have no direct information; everything I've gleaned is based on my best guess and over 25 years of analog IC design experience.

There are 3 basic types of PUFs:
1) SRAM array / Butterfly cells
2) signal timing
3) Piezo/magnetic coupling layer

1) The SRAM PUF powers up with a certain pattern which is due to minor differences in the VTs of the inverters making up the SRAM cell (and other effects like NBTI/HCI and well stress). It adopts this PUF state at power-up; power-up probably happens in 100nsec to 1usec (switch SRAM on), and at some time in this power ramp the cells all resolve to either '1' or '0'. For data protection reasons the SRAM would be regulated to a low voltage and turned on for a very short period (say 1V for 100usec).
Butterfly cells are basically similar to SRAM for the underlying mechanisms.

2) Signal timing: this PUF launches the same digital impulse signal down two different paths to a phase detector which latches into the state of the first arriving signal. The main mechanisms at play here are the resistance of the routes (mostly via resistance, my guess) and the VT differences at the receiver, both uncontrollable manufacturing differences.
These probably resolve in about 10psec to 100psec.

3) Some PUFs add a special top layer which magnetically couples two signals. The special layer is added after the normal chip process (probably on top of the PO layer); this special layer is destroyed if you try to de-process the chip (from the top side), which suggests a backside attack is best. I know very little about these PUFs.

Attacks suggested by structure:
1) Non-monotonic power-on
- Take the power high quickly and then low/high switches during the device power-up. The attack is likely to fool the POR (power on reset) logic.

2) Differential heat / RF / substrate injection (one corner of an SRAM will be physically close to one side of the chip): making one side of the chip hot could change the SRAM cell offsets a little. The same thing could be done by intentionally injecting substrate current at one pin. High field strength RF would be similar.

3) Extreme heat, say 200C or higher, could anneal the chip, relaxing some of the stress which causes the VT offsets, probably destroying / altering the PUF key.

4) Induce local offsets by illuminating the chip surface with a laser (causes heating + substrate currents + Seebeck effect). Can be done one cell at a time.

Note: the most likely result of the above actions is that the PUF key will be corrupted rather than revealed. However, the second step of any PUF is to change it with some sort of hash function. A weak (all 1's) PUF would reveal a lot of details about the hash function.

If you want to discuss this further I'd suggest email (try rot3 on my name):

uwdowb@gmail.com
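A constructed simulation of the SRAM-type PUF Robert describes (cells resolving to '1' or '0' from a fixed VT mismatch plus per-read noise), added here as an illustration and not part of any commenter's post. It shows why a design has to measure reliability (bit flips between reads of one device) against uniqueness (distance between devices) and tolerate some flips before the hash step; the array size, noise figures, threshold and SHA-256 step are assumptions, not anything from a real PUF product.

```python
import hashlib
import random

N_CELLS = 128          # size of the simulated SRAM array (assumed)
SIGMA_MISMATCH = 1.0   # spread of per-cell VT mismatch fixed at manufacture (constructed)
SIGMA_NOISE = 0.15     # per-read thermal noise on each cell (constructed)


def make_device(seed):
    """Constructed device: each cell gets a fixed mismatch offset, its 'fingerprint'."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, SIGMA_MISMATCH) for _ in range(N_CELLS)]


def read_puf(device, read_seed):
    """One power-up read: a cell resolves to 1 if its offset plus read noise is positive."""
    rng = random.Random(read_seed)
    return [1 if off + rng.gauss(0.0, SIGMA_NOISE) > 0 else 0 for off in device]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def matches(enrolled, fresh, max_hd):
    """Accept a fresh read only if it is within max_hd bit flips of the enrolled pattern."""
    return hamming(enrolled, fresh) <= max_hd


def derive_key(bits):
    """Second step Robert mentions: hash the raw pattern so the key is not the pattern itself."""
    raw = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    return hashlib.sha256(raw).hexdigest()


def characterise(n_devices=20, n_reads=10, seed=1):
    """Mean intra-device (reliability) and inter-device (uniqueness) Hamming distances."""
    devices = [make_device(1000 + d) for d in range(n_devices)]
    enrolled = [read_puf(dev, seed) for dev in devices]
    intra = [hamming(enrolled[d], read_puf(devices[d], seed + 1 + r))
             for d in range(n_devices) for r in range(n_reads)]
    inter = [hamming(enrolled[i], enrolled[j])
             for i in range(n_devices) for j in range(i + 1, n_devices)]
    return {"intra_mean": sum(intra) / len(intra), "inter_mean": sum(inter) / len(inter)}


if __name__ == "__main__":
    stats = characterise()
    print(f"intra-device HD ~{stats['intra_mean']:.1f}, "
          f"inter-device HD ~{stats['inter_mean']:.1f} of {N_CELLS} cells")
```

With these constructed figures a legitimate device's fresh read lands a handful of bits from its enrolled pattern while another device lands near half the array, which is the gap a matching threshold has to sit in; hashing the raw noisy read directly would reject the genuine device on every retry.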


Joe DemobstaSeptember 11, 2010 2:11 PM

We are HIRING! We are HIRING! We are HIRING ATM and gas pump repair men! Good competitive salary and excellent benefits! ;-) Call 1-800-SKI-MMER

Mary LouDecember 5, 2010 12:00 PM

I use my gas card about once a week on my way home near work, but when I put my card in they do not ask for my zip code, as the stations nearer my home do. I think I will discontinue going to that station unless they install something that asks for my zip code, since it seems that it would be impossible for someone to guess my zip code, especially if I were using a station not in my zip code.

But it might require installing all new pumps to be able to request the zip code info?

Wouldn't that be safer for me to do?


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..