Cambridge University researchers have discovered that the one-off codes used in Chip And PIN authentication can be predicted.
Whenever a Chip and PIN card is used to withdraw cash from an ATM or make a payment via the EMV standard (Europay, Mastercard and Visa) it is authenticated via an Unpredictable Number (UN) that has been generated. It seems, however, that the numbers generated may not be quite so unpredictable.
Mike Bond, a visiting professor at the University of Cambridge, discovered that there was a pattern in relation to a particular case of ATM fraud that would allow for future UNs to be predicted. Testing on certain models of ATM showed that some models actually had defective number generators.
This of course has far reaching ramifications, the most pertinent to my mind being something Mike Bond wrote back on the 10th September -
“We have described some of the complaints we receive regularly from bank customers that stolen cards have been used in circumstances where the PIN could not have been compromised, and yet whose bank refuses a refund claiming its records show the PIN was used. Many of these customers are credible witnesses and it is not believable that they are all mistaken or lying. When we investigate their claims we often find serious vulnerabilities which the industry failed to disclose. It appears that some parties were already aware of the random number deficiencies we describe in today’s paper but failed to take action. This raises serious issues for regulators.”
- especially when you consider the fact that Bond says he and his colleagues informed banks of the exploit as far back as February! Interestingly it would appear that the banks, whilst confirming receipt of the information, have as of yet failed to comment.
Bond also wrote,
“If you can predict [a UN], you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip.”
You can read more about this vulnerability in the researcher’s paper - Chip and Skim: cloning EMV cards with the pre-play attack (.pdf)