The mythical tamper-proof PIN pad?

As reported in many places (BBC News and The Register amongst others), Shell have stopped accepting Chip and PIN transactions at all 600 of their directly owned petrol stations in the UK. It is reported that eight arrests have been made, but only a few details about the modus operandi of the fraudsters have reached the media.

Most reports contain a quote from Sandra Quinn, of APACS:

They have used an old style skimming device. They are skimming the card, copying the magnetic details – there is no new fraud here. They have managed to tamper with the PIN pads. These pads are supposed to be tamper resistant, they are supposed to shut down, and so that has obviously failed.

It is not clear from the information that has been released so far whether the “magnetic details” were obtained by the attackers through reading the magnetic stripe, or by intercepting the communication between the card and the terminal. Shell-owned petrol stations seem to use the Smart 5000 PIN pad, produced by Trintech. These devices are hybrid readers: it is impossible to insert a card (for a Chip and PIN transaction) without the magnetic stripe also passing through a reader. With this design, there seem to be two possible methods of attack.

  1. A hardware attack. Given the statement that “[the attackers] have managed to tamper with the PIN pads”, perhaps the only technical element of the fraud was the dismantling of the pads in such a way that the output of the magnetic card reader (or the chip reader) could be relayed to the bad guys by some added internal hardware. Defeating the tamper-resistance in this way might also have allowed the output from the keypad to be read, providing the fraudsters with both the magnetic stripe details and a corresponding PIN. It seems fairly unlikely that any “skimming” device could have been attached externally without arousing the suspicion of consumers; the curved design of the card receptacle, although looking ‘suspicious’ in itself, does not lend itself to the easy attachment of another device.
  2. A software-only attack. The PIN pads used by Shell run the Linux kernel, and so maybe an attacker with a little technical savvy could have replaced the firmware with a version that relays the output of the magstripe reader and PIN pad to the bad guys. The terminals can be remotely managed — a successful attack on the remote management might have allowed all the terminals to be subverted in one go.

The reaction to the fraud (the suspension of Chip and PIN transactions in all 600 stations) is interesting; it suggests that either Shell cannot tell remotely which terminals have been compromised, or perhaps that every terminal was compromised. The former case suggests a “hardware attack”; the latter a (perhaps remote) “software attack”.

Even if the only defeat of the tamper resistance was the addition of some hardware to “skim” the magstripe of all inserted cards, corresponding PINs could have been obtained from, for example, CCTV footage.

Attacks like this look set to continue, given the difficulty of enabling consumers to check the authenticity of the terminals into which they insert their cards (and type their PINs). Even the mythical tamper-proof terminal could be replaced with an exact replica, and card details elicited through a relay attack. Members of the Security Group have been commenting on these risks for some time, but the comments have sometimes fallen on deaf ears.

14 thoughts on “The mythical tamper-proof PIN pad?”

  1. Interesting analysis, Stephen. There seems to have been a burst of insight about the method of terminal compromise in this particular case; but aside from your observations, the technical details are retreating into the fog again, I fear.

    Regarding the fact that Shell suspended all its terminals, there is an argument that says Shell would need to do something absolutely immediately to regain consumer confidence until this all blows over, otherwise drivers will simply choose to fill up elsewhere this week.

    The above explanation seems the most plausible to me, but it does not tally with the 400 or so franchises not suspending Chip and PIN as well. Well, I’m not sure what the terms and conditions of the franchise would be anyway…

  2. Peter Fairbrother has some interesting observations in his UKCRYPTO article a couple of which are worth expanding:

    In particular, he questions what incentive Shell would have to be diligent about the card readers. Provided they meet minimum standards they lose nothing (apart from reputation) when there is an attack — it is the banks (and any customers who fail to check their statements) who suffer the loss.

    I think this is very significant, because the only lever is held by the bank with the merchant agreement, who could threaten to raise their percentage (and I expect there would then be a queue of others who wanted the (very substantial) Shell business to go through their books).

    Also, Peter observes that if the criminals had offered a “free lunch” then the banks would be in serious trouble. That is, if the crooks arranged for the terminals to be disconnected from the bank altogether for the stolen transactions (which, if they were not greedy, might be only a handful a day), then there would be no pattern linking the cards back to Shell garages (though presumably Shell’s internal accounting would note the discrepancy at some point — and just possibly a customer would complain about the missing transaction).

    The reason that this is an especially bad scenario for the banks is that anyone in the country who took money out of an ATM surreptitiously could then, fraudulently, claim to be a victim. Mind you, everyone’s honest, aren’t they?

  3. Similar attacks have been happening against the Danish payment card ‘Dankort’ over recent months. A recent TV special on the problem pointed to the British Chip & Pin as being the way to implement a smart-card based payment card and Mrs. Quinn did an interview in which she appeared puzzled that the Danish project never contacted APACS for guidance 🙂

    Dankort was originally introduced about 20 years ago and most of the terminals in use today are the exact same ones deployed 20 years ago. The only attack ever envisioned back then was that someone would steal a valid card and try to brute-force the PIN, so a lock-out policy has been in place from the start: 3 incorrect PINs and the card is blocked.

    So, in recent months, criminals have been covertly breaking into stores, opening the card terminals and inserting hardware that recorded the PIN and card number onto non-volatile memory. A few days later, the criminals would return to retrieve the stored information.

    In at least one occurrence the criminals did not force open the terminal… they simply replaced it with a duplicate that had already been subverted. These terminals are available to anyone for around 60 quid.

    The physical Dankort was revised a few years ago to include a chip, but the new terminals that accept both magnetic stripe and a smart card suffered from a number of technical problems, so stores sealed the smart-card part of the terminal and just used the magnetic stripe part.

    Supposedly, these new terminals have tamper detection and will cease to function if opened, but I wouldn’t be surprised if the detection is rudimentary at best.

    PBS (which is the Danish equivalent of APACS) also handle all online credit card transactions in Denmark and they are widely considered incompetent. Which is always nice when you’re dealing with financial transactions for an entire country.

  4. All this, interestingly, highlights what is already known about PIN interception/relay attacks. These cases also highlight, as Richard C quite rightly states, the banks’ apparent lack of concern, as the problem is legally and financially mitigated, even though the technical mitigation has either been compromised or bypassed. So to what extent are APACS/VISA/Merchant et al accountable to the public, to protect our finances? They have done all that is reasonable, and haven’t voluntarily created weak security systems. This kind of attack just happens, all the time, but not always to this scale and not always this public.

    Tut tut and all that, but hey, everyone reads R Anderson’s Security Engineering book and the papers from your labs, and we all should know how difficult the practicality of securing things is. When, not if, the true details are disclosed, it will be interesting to see how legislation changes to protect the consumer, and whether APACS are completely lacking in any form of impartiality in terms of governance… silly of me to say that of course, APACS is a consortium of the banks’ own interests, is it not?…

    🙂

  5. The Inquirer has been talking with an insider to determine the mechanism used:

    http://www.theinquirer.net/?article=31547

    According to our source, a team of shysters has been turning up at petrol stations posing as engineers and taking the Trintech Smart5000 Chip and Pin units away for repair. They have then bypassed the anti-tamper mechanisms and inserted their own card skimmer.

    The hoods then return the unit, again posing as an engineer. Once the units begin collecting card details these are sent abroad and used to withdraw cash.

    And our source warns the fraud could take place at any site, with any Chip and Pin terminal and trusting staff.

    It is impossible for members of the public to distinguish a doctored unit from a standard chip and pin card reader, as the skimmer is inserted inside the unit, unlike with cashpoint card skimmers.

    To get around the anti-tamper mechanisms, the fraudsters might have had access to a reset program that would allow them to reset the alarm or they were able to engineer their way round it by using different parts from previous versions of the Smart5000 unit. “Either way,” said our mole, “they were very clever.”

  6. It could just be sloppy wording, but it’s interesting that the Inquirer article states that (emphasis mine):

    Once the units begin collecting card details these are sent abroad and used to withdraw cash.

    The Smart 5000 PIN pads have Ethernet ports and an IP stack, so it’s possible that the crooks actually leaked the card details over Shell’s own network. It’s also possible that they fitted a separate wireless communication device within the PIN pads – it would be interesting to know whether there’s enough dead space inside for a GSM terminal.

    If these techniques are ruled out, the ‘engineers’ might have returned at a later date to remove the log of customers’ card details, but this isn’t entirely consistent with the wording of the article.

  7. Did anyone think about IP traffic monitoring, a laptop with Ethereal!!

    Unencrypted traffic sent over a supposedly “secured” network?

  8. I would suggest a simple hardware hack was used.

    Pin-pads usually are protected in quite sophisticated ways:

    1) A simple microswitch on the back cover to detect case entry.

    2) The internal electronics are often potted with a highly volatile metallic mesh. As soon as the potting is compromised the mesh fails (like a fuse) and an internal interrupt clears any stored keys etc. in the flash. Once cleared the hardware itself is fairly useless. Sometimes a processor module with internal databuses and internal flash is used, giving similar protection to the potting idea.

    3) A temperature sensor prevents freezing of the flash (very cold temperatures will prevent the flash being wiped). Once the pin-pad detects a low enough voltage it will erase the stored keys before the temperature drops too low.

    4) DPA (differential power analysis) resistant software.

    Once the pin-pad case is opened (easy enough, with a sample or two you can find where the case-opening micro-switch is), you can then sit a simple microcontroller on the key-pad array (can be figured out from a visual inspection) and scan any mag card swipe (a doddle with the hybrid dip/swipe reader, no need for a separate skimmer).

    The data stored will then be a sequence of card swipe data followed by a sequence of key presses, repeated for every card used. The added circuitry could include a simple bluetooth chip to allow collection of harvested data by just walking into a location.

    No need to compromise the software on the pin-pads, no need to piggyback on the terminal comms etc.
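As an added illustration of the protections listed in the comment above (this is constructed example code, not the post’s, the commenter’s or any vendor’s firmware), the C model below latches a tamper flag and zeroises the stored key on any sensor event, and polls temperature so that erasure happens before the flash is too cold to wipe. The structure names, the 16-byte key and the -20 °C threshold are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of a PIN pad's tamper response; not any vendor's firmware. */
#define KEY_LEN 16
#define TEMP_FLOOR_C (-20) /* assumed: below this the flash may no longer erase */
enum tamper_event { EV_NONE, EV_CASE_OPEN, EV_MESH_BREAK, EV_TEMP_LOW };

struct pinpad {
    uint8_t key[KEY_LEN]; /* PIN-encryption key in battery-backed memory */
    bool key_valid;
    bool tampered;        /* latched; only a vendor reset could clear it */
};

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void zeroise(uint8_t *buf, size_t n) {
    volatile uint8_t *p = buf;
    while (n--) *p++ = 0;
}

/* Sensor interrupt: microswitch, mesh break or cold all wipe the key and latch. */
void pinpad_on_event(struct pinpad *pp, enum tamper_event ev) {
    if (ev == EV_NONE) return;
    zeroise(pp->key, KEY_LEN);
    pp->key_valid = false;
    pp->tampered = true;
}

/* Periodic poll: erase while the part is still warm enough to erase. */
void pinpad_poll_temperature(struct pinpad *pp, int temp_c) {
    if (temp_c <= TEMP_FLOOR_C) pinpad_on_event(pp, EV_TEMP_LOW);
}

/* Runs one scenario on a constructed key. Returns 0 when PIN entry may still be
 * offered with the key intact, 1 when the pad latched and the key is all zero,
 * and -1 for any inconsistent state (a latched pad that still holds key bytes). */
int pinpad_scenario(enum tamper_event ev, int temp_c) {
    static const uint8_t sample_key[KEY_LEN] = "0123456789abcde"; /* 15 chars + NUL */
    struct pinpad pp = { .key_valid = true, .tampered = false };
    uint8_t acc = 0;
    memcpy(pp.key, sample_key, KEY_LEN);
    pinpad_on_event(&pp, ev);
    pinpad_poll_temperature(&pp, temp_c);
    for (size_t i = 0; i < KEY_LEN; i++) acc |= pp.key[i];
    if (pp.key_valid && !pp.tampered && acc != 0) return 0;
    if (!pp.key_valid && pp.tampered && acc == 0) return 1;
    return -1;
}
```

The point the model makes is that the response must be a one-way latch: once any sensor fires, the key is gone and the pad refuses service, so a reopened case cannot be quietly closed again and put back into use.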

  9. Around £1,000 in small amounts from ten different Indian ATMs (20 thousand Indian rupees, for example) has been fraudulently taken from my Abbey bank account shortly after I used my debit card at Shell Fairmile in Esher, Surrey and at BP Pippbrook in Dorking. The card has not been out of my possession at any time. I have reported the incident to Surrey police and to the local newspaper Esher News and Mail.
