If you've tried to purchase petrol at a Shell station with your credit card over the last few days, you may have been surprised when the shopkeeper put the receipt on the counter and asked for your signature. In fact, Shell has withdrawn Chip and PIN from all their non franchised stores in the UK over a potential £1M scam.
If you believed the advertising campaign surrounding Chip and PIN, you'd be forgiven for thinking that the scheme is supposed to bar far less fallible than plain old signatures. Alas, all is not that simple.
Presently, it's believed that the POS terminals used in some stores have been tampered with to record the pin numbers of a massive number of customers. This information has presumably subsequently been used to withdraw cash or make purchases.This is a bit scary: The central Chip and Pin guys accredit every terminal model prior to its use in the field. They are supposed to be tamper proof and stop working if any attempt is made to muck around with them, such as to persuade them to record pin numbers.
Of course, in real life the Chip and PIN POS terminals have become so ubiquitous that many will undoubtedly find their way into the hands of that element of society that would probe them and find a way around the anti-tamper mechanisms built into the device.
The point here is that you don't really _need_ to fiddle with a terminal: It would be quite easy to produce a device which sat on top of the authentic device whilst recording everything the user does and just passing the signals on to an authentic terminal. This would be executed in much the same way as the card skimming devices that get fitted to ATM machines from time to time.
Indeed, take this a step further, in a hypothetical attack, imagine a POS terminal that routes the signals to an accomplice in a different store: when you type in your pin, you are not paying for the petrol at all but for a £2000 plasma TV. The beauty of this attack is that you never know.
Use of such a device would probably require cooperation of local staff, but there will always be ways to buy staff.
There are some pretty advanced techniques around for getting the PIN number and it's not difficult to see that any of these could aggregate to a powerful attack. Remember we only have 9999 different PIN Numbers (Actually, it's less than that but lets not do that discussion now).
1) Key timings
Use of the timings between key presses to predict what the number might be. Get an audio recording and feed it thorough a filter to detect the exact timings between the keys… Compare with statistical averages and guess the pin.
2) Key sounds
On some terminals, it's possible to detect slight differences in the sound made when the key is pressed.
3) Social engineering.
It's amazing how many people will give you one digit of their PIN without much prompting. Finding out about the target may give away valuable information: Phone numbers, dates of birth, anniversaries. Lets face it, most people use a PIN number than means something to them.
4) Shoulder surfing
5) Non intrusive tampering with the Terminal (Dusting the keys for example). This would give you 4 digits with only about 24 permutations: Not a bad reduction from 10,000. In conjunction with technique 1 or 2 you might get a 90% hit rate.
Defences
The best defence I can come up with is
1) Soft keys. I've seen these on high security door locks. Each key has an LED digit on it. The idea is that when the credit card is inserted, the keys re-arrange themselves in a random pattern, so that rather than
789
456
123
The pad might look like this…
697
198
324
The obvious idea being that this counters shoulder surfers and other techniques involving studying the equipment non-intrusively. The key displays would be pretty directional so the chap standing next to you can't see them.
Well you clearly need to think hard to use this and it's no good for the visually impaired, but you can easily see the benefits of such a system.
Even when you consider the slower number entry due to the thought required this scheme has tremendous potential, although it should be noted that many people remember their PIN by position on the pad and not the actual number itself.
It's interesting to note that all attacks on Chip and Pin are likely to be based around getting to know the PIN. 4 digit numbers are considered quite adequate as secret passwords: 10000:1 odds are good enough to be considered unguessable.
As a final thought, consider the legal position of Chip and Pin. Presently, the banks are claiming that anyone complaining about phantom withdrawals is probably lying. This is the default position. They have won court cases and continue to do so daily where they simply state that the burden of proof is on the customer to show that the transaction was not undertaken with their knowledge. They simply claim that the customer gave the PIN number away willingly.
The problems we have talked about today are all related to a wired device which _should_ be easier to secure. Consider the challenges facing wide scale RFID implementations such as the national ID card.
Expect more articles on this interesting subject soon.