Chip & PIN terminal playing Tetris

December 24th, 2006 at 21:08 UTC by Saar Drimer

Many discussions of the security of Chip & PIN have focused on the tamper resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud). It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, and so freely collecting card details and PINs.

Steven Murdoch and I took the chassis of a real terminal and replaced much of the internal electronics, so that we now control the screen, keypad and card reader. Steven suggested that, to show that it is completely under our control, we should make it play Tetris (similarly to the people who made a voting machine play chess). We recorded a short video showing our Tetris-playing terminal in action. Have a merry Christmas and happy New Year :-)

Update (2007-01-03): The video is now on YouTube.

Update (2007-01-05): The Association for Payment Clearing Services
(APACS) has responded:

APACS, the payments organisation representing high street banks, said the Cambridge breakthrough could be a threat.

‘People could, in theory, use this to steal account details from cards,’ said Sandra Quinn of APACS. ‘Our experts are in discussion with the manufacturers of terminals to see what can be done. Essentially what these people have done is replace the innards of a chip and Pin machine.

‘However, we would say that this has only been seen in a laboratory so far. People would not be able to create counterfeit chip and Pin cards, but they could use this information abroad to make purchases.’


Entry filed under: Banking security

87 comments

  • 1. .$author.  |  December 25th, 2006 at 16:41 UTC

    Chip, Pin and Tetris…

    Saar Drimer and Steven Murdoch will be getting lumps of coal from the banking industry, and amused laughter from the rest of us: It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will……

  • 2. JR  |  December 25th, 2006 at 20:27 UTC

    I was under the impression that the requirement was for tamper evidence, not tamper resistance. The particular terminal shown obviously does not meet the requirement. All the king’s soldiers and all the king’s men should not have been able to put it back together again.

  • 3. Saar Drimer  |  December 25th, 2006 at 20:53 UTC

    @JR,

    The tamper resistance in EMV terminals disables it from communicating, and completing transactions, with the bank.

    The tamper resistance does not leave any evidence externally observable to the user, the one that is potentially being defrauded. Even if it did, users are not trained to look for this evidence. The wide range of terminal types, colors, and shapes does not lend the customer any hand in identifying a fake terminal, either.

    So, the current tamper resistance does not protect the customer in any way. Our terminal looks exactly the same as it did before we replaced the internal hardware.

  • 4. JR  |  December 25th, 2006 at 21:20 UTC

    @Saar,

    The EMV specification, book 2, clause 11.1.1.1 specifies physical security. It only requires tamper evidence, which is a much reduced requirement as compared to tamper resistance.

    However, it does say: “Therefore, it shall be so designed and have sufficient tamper-evident features so that any tampering shall be obvious to the cardholder or detected by the merchant or acquirer.”

    Obviously, the terminal you have used does not meet the requirement.

  • 5. Steven J. Murdoch  |  December 25th, 2006 at 21:34 UTC

    @JR,

    The normal way that EMV terminals comply with the tamper-evidence/resistance specification is a simple lid-switch. When this is triggered, keys and/or software are wiped. This is detectable by the acquirer (since they share keys with the terminal), but the physical appearance does not change so the customer is none the wiser.

    I think this technique does comply with the section of the EMV specification that you quoted. Note it says “cardholder or detected by the merchant or acquirer”. Our tampering would be evident to the acquirer since it could no longer make transactions. As long as one sub-condition is met, the requirement is met.

    Making a terminal tamper-evident to the customer is a very hard requirement to achieve. If the device was assembled, there must be a way to disassemble it (if only for repair). Tamper-evident seals could help, but only with skilled and patient examiners, so not everyday customers.

    Short of connecting the tamper-detection circuits to an explosive charge, I can’t think of a robust way to let customers, without any special equipment, detect whether a terminal has been tampered with.
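
As an added illustration of the point Steven makes in comment 5 (this is example code written for this page, not code from the post or from the modified terminal), the model below has a genuine terminal zeroise its acquirer key when the lid switch fires, while a gutted terminal keeps the identical screen script and records the PIN. The shared terminal/acquirer key, the terminal ID, the message format and the screen prompts are all assumptions made for the example; comment 6 below disputes that UK terminals hold any such key.

```python
import hmac
import hashlib
import secrets

# Constructed example: a key the acquirer shares with one genuine terminal
# (assumption following comment 5; comment 6 argues UK terminals hold none).
ACQUIRER_KEYS = {"TERM-0001": secrets.token_bytes(16)}

# What the cardholder sees. The fake terminal copies it verbatim.
SCREEN_SCRIPT = ["INSERT CARD", "ENTER PIN", "PLEASE WAIT", "REMOVE CARD"]


class GenuineTerminal:
    """Tamper-responsive terminal: opening the lid wipes the acquirer key."""

    def __init__(self, terminal_id):
        self.terminal_id = terminal_id
        self._key = ACQUIRER_KEYS[terminal_id]
        self.screen_log = []

    def open_lid(self):
        # Lid switch fires: key zeroised, but the case and prompts are unchanged.
        self._key = None

    def transaction(self, pin, amount):
        # PIN handling is left out; the point here is the acquirer-facing MAC.
        self.screen_log.extend(SCREEN_SCRIPT)
        body = f"{self.terminal_id}|{amount}".encode()
        if self._key is None:
            return body, b""  # no key, so no valid MAC can be produced
        return body, hmac.new(self._key, body, hashlib.sha256).digest()


class GuttedTerminal:
    """Same plastic, same prompts, attacker's electronics inside."""

    def __init__(self, impersonated_id):
        self.terminal_id = impersonated_id
        self.screen_log = []
        self.stolen_pins = []

    def transaction(self, pin, amount):
        self.screen_log.extend(SCREEN_SCRIPT)
        self.stolen_pins.append(pin)
        body = f"{self.terminal_id}|{amount}".encode()
        return body, secrets.token_bytes(32)  # garbage MAC; never reaches a bank anyway


def acquirer_accepts(body, mac):
    """Acquirer-side check: only a terminal still holding its key passes."""
    terminal_id = body.split(b"|")[0].decode()
    key = ACQUIRER_KEYS.get(terminal_id)
    if key is None or not mac:
        return False
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), mac)


def demo():
    good = GenuineTerminal("TERM-0001")
    tampered = GenuineTerminal("TERM-0001")
    tampered.open_lid()
    fake = GuttedTerminal("TERM-0001")
    results = {}
    for name, term in [("genuine", good), ("tampered", tampered), ("gutted", fake)]:
        body, mac = term.transaction("1234", 2500)
        results[name] = {"acquirer_ok": acquirer_accepts(body, mac),
                         "screen": term.screen_log[:]}
    results["gutted"]["stolen"] = fake.stolen_pins[:]
    return results
```

Run `demo()`: the acquirer rejects both the tampered and the gutted terminal, which is exactly the "detected by the merchant or acquirer" clause JR quotes, yet the screen history the customer saw is identical in all three cases and the gutted terminal walks away with the PIN.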

  • 6. JR  |  December 26th, 2006 at 11:09 UTC

    In this particular case I assume the customer would notice that the terminal plays Tetris. However, the risk is that the software change would not change the appearance, just record the PINs.

    There are no secret keys in a standard EMV terminal, the EMV protocols do not trust the terminal too much, the protocol is between the issuer and the card, and the secret keys used are also known only to them. There are no keys shared between the terminal and the acquirer. The terminal does store some public keys that are used for offline authentication; if they are erased and the software is intact all transactions will either go online or be declined.

    The major risk in this case is stealing PINs, the minor risk allowing a few off-line transactions with limited total value.

  • 7. .$author.  |  December 27th, 2006 at 12:19 UTC

    [...] So much for tamper-resistance : [...]

  • 8. Mike Bond  |  December 30th, 2006 at 18:21 UTC

    In the short-term terminal sabotage is all about PIN theft (in the long-term there’s other stuff that can be done, relay attacks et. al). To steal a PIN, the customer must first surrender it.

    Customers of banking systems are expected to be willing to enter their PIN into pretty much any device, so long as it is solicited by an authority figure associated with payments. In practice this means a variety of people: the bank as represented by their customer services agents on the phone line, the merchant, the bank’s advertising campaign, the till attendant at Tesco’s, all of the above.

    While it is fortunately the case that most people are educated not to surrender their PIN to another human directly, currently the customer has little feel for what electronic devices are permissible, and in what state of repair these devices should be.

    This means that the customer will always be at risk due to lack of cultural awareness about protecting PINs, and the underlying flux in payment schemes will keep it this way for the foreseeable future.

    So whatever the state of tamper-resistance and tamper-evidence for real terminals, and regardless of whether or not the terminal that Steven and Saar modified was originally compliant, the fundamental problem remains, and it can’t be magicked away.

    It’s not time to start blaming anyone, we just have to recognise that rolling out global password-based (i.e. PINs) authentication for payments, and carving a niche which does not have adverse interactions with other environments requiring authentication is damn hard!

    My 2p.

  • 9. .$author.  |  December 31st, 2006 at 03:19 UTC

    [...] then you ought to be able to play Tetris on chip card terminals. [...]

  • 10. .$author.  |  December 31st, 2006 at 18:14 UTC

    [...] You really do have to watch where you enter your PIN. Maybe it’s a cash machine. Maybe a terminal. But. Maybe it’s something else entirely. And plays Tetris, for example. [...]

  • 11. Nik  |  January 2nd, 2007 at 11:07 UTC

    That’s superb…

    Maybe next time you could add an extra slot so you can play Nintendo cartridges too :-)

  • 12. Enzo  |  January 2nd, 2007 at 16:55 UTC

    @JR “There are no keys shared between the terminal and the acquirer”

    This is not everywhere true: in some countries, in the terminal, there are keys at least for online message encryption and online Pin encryption.
    So when the terminal detects an attack, it should delete the keys and stop working.

    The merchant should be responsible (liable) that the original terminal has not changed, stolen, etc. in the same way the cardholder must take care of the Pin.

  • 13. Mole  |  January 4th, 2007 at 12:16 UTC

    I don’t understand why the PIN system isn’t two-way. Ie, a PIN from the bank to you to prove that the terminal is authentic, and a PIN from you to the bank to prove you are owner (or at least someone who knows the PIN).

    So for example every card could have a number associated with it which is not contained in the card itself, but once the card id is sent to the bank, a number is retrieved which is displayed on the terminals screen and which the card holder can use to verify the terminal is working correctly. The card holder can then enter his PIN to validate the transaction.

    Then again, how many people are going to remember two PINs and therefore simply always accept regardless of the number presented? Considering the amount of people who keep their PIN either in their wallet or on their mobile phone, I’d say a very select few…

  • 14. Ryan  |  January 4th, 2007 at 18:14 UTC

    With a phone keypad, a card swipe, an lcd, and a fancy case, you could build something most people wouldn’t think twice before trusting! Think of all the atms out there that people blindly trust. Anyway, just the fact that it’s playing tetris is cool!

  • 15. .$author.  |  January 5th, 2007 at 02:10 UTC

    [...] Filed under: Gaming [...]

  • 16. .$author.  |  January 5th, 2007 at 02:24 UTC

    Credit Card Swipe Machine (Chip & PIN) plays Tetris…

    In a weird news story, a bunch of University of Cambridge students made one of those Credit Card Swipe Machines that you see at the checkout line play…Tetris. Yeah, Tetris. Add that to the growing list of things that can play Tetris and we get ar…

  • 17. .$author.  |  January 5th, 2007 at 03:04 UTC

    [...] Filed under: Gaming [...]

  • 18. .$author.  |  January 5th, 2007 at 03:54 UTC

    [...] Filed under: Gaming [...]

  • 19. .$author.  |  January 5th, 2007 at 04:22 UTC

    [...] Filed under: Gaming [...]

  • 20. Jesse  |  January 5th, 2007 at 06:27 UTC

    Can it also play Global Thermonuclear War?

  • 21. Ross McKillop  |  January 5th, 2007 at 08:28 UTC

    Jesse, I’m glad I wasn’t the only one who picked up on the Dr. Falken messages ;)

  • 22. .$author.  |  January 5th, 2007 at 09:23 UTC

    [...] [More: Chip & PIN terminal playing Tetris] Tags: chip and pin, geek out, tetris [...]

  • 23. Alex wright  |  January 5th, 2007 at 11:03 UTC

    Of course to protect the customer, what is needed is some display on the card that indicates that it has a valid connection to the bank.

    This shouldn’t be too difficult with some e-ink, or even just a panel that glows green while there is a valid connection.

    “Only enter your pin when the panel glows green” shouldn’t be too hard an instruction to remember.

  • 24. Kdansky  |  January 5th, 2007 at 12:42 UTC

    ““Only enter your pin when the panel glows green” shouldn’t be too hard an instruction to remember.”

    Does not work ;) Since the hardware is under complete control by the tetris-team, they could make the panel glow green as much as they like.

    Instead just use basic crypto theorems: The bank must authenticate itself by showing it knows a certain secret key. So only insert your PIN if the device shows you some string or number you know. The hacker will not know this number and cannot display it. You’d have to remember two PINs then, but that’s ok I think.

  • 25. .$author.  |  January 5th, 2007 at 13:57 UTC

    [...] UK researchers have hacked a supposedly tamper-proof Chip and PIN terminal to allow it to play Tetris. Steven Murdoch and Saar Drimer of the University of Cambridge managed to get a playable version of the classic game working on the tiny screen. [...]

  • 26. .$author.  |  January 5th, 2007 at 14:48 UTC

    [...] Security researchers at the University of Cambridge have created a proof of concept hack showing the potential insecurity of supposedly un-hackable chip and pin terminals. [...]

  • 27. Oliver Stieber  |  January 5th, 2007 at 15:13 UTC

    Rig up a fake PIN reader.
    Swipe the card in the till like they do in Tesco.
    Get the customer to enter the PIN.
    Have another working PIN reader rigged up under the desk that just re-enters the PIN number so that the transaction goes through.
    Profit.

  • 28. Alex wright  |  January 5th, 2007 at 15:35 UTC

    To Kdansky (comment 24)

    Sorry, I wasn’t being clear:

    Only enter your pin when the panel on your card glows green.
    Thus your card is telling you that its authenticated the link to the bank.

  • 29. Gareth  |  January 5th, 2007 at 15:46 UTC

    @Oliver: The fake reader could even be connected to a fake card which is mechanically inserted into the real one, so the real machine is completely.

    I suspect a real machine could even be drilled and soldered carefully to extend the printer mechanism without triggering the tamper switches, but that would of course permanently alter it.

    For just reading PINs, most people wouldn’t notice a keypad overlaid onto the real one if it was colour and texture matched carefully.

  • 30. a random John  |  January 5th, 2007 at 16:33 UTC

    This reader is clearly physically modified. There is a big opening just above the screen where it has been cut open. People, don’t stick your cards in or enter your PIN into a reader that has obvious damage done to it.

    I’m not sure what is so impressive about this anyhow. I have a Schlumberger (now Gemalto) Magic 6000 reader on my desk, and we’ve got a dev kit for it. They are not hard to get. Anybody that wanted to could buy one, put whatever code they care to write on it, and then replace a real reader with it. That would be easier than whatever hacksaw method these guys used.

    As has been mentioned earlier the damage that can be done in such a situation is limited because of the EMV protocol.

  • 31. Steven J. Murdoch  |  January 5th, 2007 at 16:47 UTC

    @a random John

    There is no damage to the front (other than a dent on the screen, which was there when we bought the terminal on eBay).

    Perhaps you are thinking of where the manufacturers logo was, but we covered this up with black tape, as we didn’t want to single out any particular model. Underneath the tape, it looks normal.

    The only visible evidence of modification is that we removed the power and data sockets on the back, instead using USB for both power and communications.

  • 32. Tom  |  January 5th, 2007 at 17:19 UTC

    What a load of bull. If I put Mac hardware in a typical Intel PC casing I can also say I cracked the Intel platform to act as a Mac. And how difficult will it be for a crook to open a terminal, extract the hardware, add additional hardware like keyloggers and put everything nicely back together in a new casing that looks exactly the same? Just think 3D printers and general casing parts that you can get over the Internet. And which customer is able to say that a casing is really the original and not some fake? If it just looks alike anybody will still enter their PIN on this fake. And if the clerk at the checkout is the crook they simply say ‘Ohhhh the original terminal was broken and we got this new model’.
    But as long as these wannabe researchers could waste money and time on something obvious…

    If one person can produce something another person can fake it. This is a fact and nothing we need to waste research money and time on. But it seems the IQ of our researchers reaches freezing point and logic doesn’t play a part in research anymore.

  • 33. Chris S  |  January 5th, 2007 at 19:05 UTC

    @Alex Wright (28 and 23)

    Ok – that one is sheer genius. I’ve seen cards with thumbprint readers, but that struck me as expensive. A card with a keypad is similarly expensive, but imposes very heavily on terminal design.

    But just a green LED? Very cool! Suggestion — the LED could even be ‘on chip’ under the contact pad, with a fiber optic in the card to lead to the edges (more than one) so that the card does not need too much embedded electronics.

    It’s still not perfect — it’s still possible to hack the terminal to record keystrokes (PINs) during a live transaction. But this is much, much harder, because now PINs will only be entered *when the bank requests it*. Wholesale replacement of the guts will prevent cards from working properly.

    The tougher part would be changing the standards to insist on online operation. Here in Canada, all debit cards are stripe only, but they are always on-line, always PIN, never signature. Dialup terminals would still be a tough one, but the increasing use of network connected terminals would work well with your idea.

  • 34. .$author.  |  January 5th, 2007 at 19:10 UTC

    [...] A team at the University of Cambridge has managed to alter a Chip and Pin machine to allow them to play Tetris. Now, yes, they did do it by removing a lot of the inner workings of the machine, but it does raise the issue of how would you know if the machine a shopkeeper presented you with had been altered in to swipe card details while still making the original transaction go through. [...]

  • 35. http://selectprivacy.blogspot.com/2007/01/ians-technical-hitches-2.html  |  January 5th, 2007 at 19:38 UTC

    [...]Steven Murdoch and Saar Drimer of Cambridge University demonstrated that, by modification of internal hardware, a chip & PIN terminal could be converted for illegitimate use, while still appearing legitimate to users. Steven and Saar made a terminal play Tetris to demonstrate, as on this YouTube video.[...]

  • 37. kvp  |  January 5th, 2007 at 20:45 UTC

    There is a trick that was actually used in eastern Europe. The real card reader has a small raised frame attached over the slot where the card goes. This contains a data reader. The pins of the card can be tapped here, and the data relayed to the real connectors. The keypad has a small CMOS video camera attached to the lower portion of the keypad with another small plastic frame. The keys that are pressed can be calculated with simple image processing software (the same used for projected keyboards). This allows the attacker to get the PIN, complete the legal transaction and pretty much do anything with the card (after or before the real transaction). The only sign of this hack would be that the reader gets bulkier, but when the new plastic matches the original it can be regarded as a design feature. This device can be removed from the reader without any trace.

  • 38. sthen  |  January 5th, 2007 at 23:27 UTC

    “The bank must authenticate itself by showing it knows a certain secret key. [...] The hacker will not know this number and cannot display it. You’d have to remember two PINs then, but that’s ok I think.”

    Simpler than that; it could just display your name.

  • 39. Saar Drimer  |  January 5th, 2007 at 23:35 UTC

    @sthen,

    The name of the owner is on the chip and can be read out and displayed on the LCD screen without contacting the bank. If you look closely at the video, you’ll see a reference to “Dr. Falken”. In fact, our scheme reads the name of the owner off the card and displays it instead. We decided not to show any legitimate cards or owners’ name so not to infringe on anyone’s rights (logos, etc.) or privacy so we used a blank card instead. That’s why we also covered the manufacturer’s logo and model number.

  • 40. James Venning  |  January 6th, 2007 at 00:50 UTC

    Well this obviously shows that it could be a threat to the whole security side of chip and PIN. For a start, the UK Government and banks were very stupid for implementing the cheaper, less secure version of the chip and PIN scheme. Take France for instance, most of the banks and retail outlets offer the highest security possible.

    Another thing is that the public seem to think chip and PIN is a relatively new technology – it isn’t! Regarding France again, the system has been in place for years. Another failing of the UK. I don’t know why we Brits cope with our country.

  • 41. a random John  |  January 6th, 2007 at 04:49 UTC

    Good to know that what looks like a big cut above the screen is tape. Of course since it probably says either Schlumberger or Axalto, neither of which is the current brand name I’m guessing that the value of the tape is minimal.

    My point is that these devices are not hard to obtain and program in any way that you want. It is probably harder to do what is demonstrated here than to simply buy a terminal and program it. If you are going to do this you are only a step away from hacking up your own box with a card reader and PIN pad and grabbing CC#s and PINs with that. Again, the exposure is somewhat limited.

  • 42. Pete Windridge  |  January 6th, 2007 at 13:39 UTC

    I’m not sure whether this has been thought of but public key encryption (or similar) could be used. Combined with the glowing green thing this would not prevent a video camera or keylogger recording the pin but at least the only way to _use_ the pin would be to steal the physical card.

    This is simplified by the card only needing to know 1 banks public key and the bank can know every cards public key.

    The green light would of course only switch on when the bank sends an encrypted “switch green light on now” message (which the card can decrypt). The user can then enter their pin (which can still be logged of course).

    I would also propose that the bank also challenges the card based on the date/time of transaction or sequence number so that a naughty vendor’s reader can’t just replay the conversation between card and bank multiple times.
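
The scheme sketched in comments 13, 24, 28 and 42 (a bank-authenticated, fresh "you may enter your PIN now" signal shown by the card itself) is written out below as a protocol exchange. This is an added example for this page, not code from the post or from any of the commenters. It assumes a shared symmetric key between bank and card rather than the public-key pair comment 42 proposes (chosen so the example needs only the standard library), a card-generated nonce as the freshness challenge comment 42 asks for, and a message that binds the transaction amount, which none of the comments spell out.

```python
import hmac
import hashlib
import secrets

# Constructed example: the issuing bank's key for one card. Comment 42
# proposes public-key cryptography; a shared secret is used here only to keep
# the example stdlib-only (assumption, not what the comments specify).
BANK_CARD_KEYS = {"CARD-42": secrets.token_bytes(16)}


def _tag(key, *fields):
    """MAC over '|'-joined fields; the format is an assumption for this example."""
    msg = b"|".join(str(f).encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    """Card with a 'green light' that only a valid, fresh bank message can switch on."""

    def __init__(self, card_id):
        self.card_id = card_id
        self._key = BANK_CARD_KEYS[card_id]
        self._nonce = None
        self.light_green = False

    def start(self):
        # New challenge per transaction, so a captured reply cannot be replayed.
        self._nonce = secrets.token_hex(8)
        self.light_green = False
        return self.card_id, self._nonce

    def receive(self, amount, tag):
        # The amount is bound into the MAC: a terminal cannot show one figure
        # to the cardholder while the bank authorised another.
        expected = _tag(self._key, "GREEN", self.card_id, self._nonce, amount)
        self.light_green = hmac.compare_digest(expected, tag)
        return self.light_green


class Bank:
    def authorise_prompt(self, card_id, nonce, amount):
        key = BANK_CARD_KEYS[card_id]
        return amount, _tag(key, "GREEN", card_id, nonce, amount)


def honest_terminal(card, bank, amount):
    """Genuine terminal relays challenge to bank and reply back to card."""
    card_id, nonce = card.start()
    return card.receive(*bank.authorise_prompt(card_id, nonce, amount))


def offline_fake_terminal(card, amount):
    """Gutted terminal with no bank connection: can only guess the tag."""
    card.start()
    return card.receive(amount, secrets.token_bytes(32))


def replaying_fake_terminal(card, bank, amount):
    """Attacker captured one genuine reply earlier and replays it."""
    card_id, nonce = card.start()
    captured = bank.authorise_prompt(card_id, nonce, amount)
    card.start()  # new transaction, new nonce
    return card.receive(*captured)


def amount_changing_terminal(card, bank, shown, real):
    """Terminal shows `shown` to the customer but the bank authorised `real`."""
    card_id, nonce = card.start()
    _, tag = bank.authorise_prompt(card_id, nonce, real)
    return card.receive(shown, tag)
```

Only the honest path lights the card up; the offline, replaying and amount-changing terminals all fail. As comment 42 notes, this tells the cardholder when a PIN entry is legitimate but does nothing to stop a modified keypad logging the digits once they are typed.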

  • 43. A  |  January 7th, 2007 at 00:15 UTC

    It’s also easy to reconfigure most pinpads like at McDonalds, Big W, Safeway etc. (AUS) just by pressing the key (FUNCTION) (F) (FUNC)
    and keying in 3824 for maintenance or 7410 for configuration can really fuck them over

  • 44. .$author.  |  January 7th, 2007 at 11:31 UTC

    [...] The sample video in which one of the researchers can be seen playing Tetris is available both on YouTube and directly on their site. –> [...]

  • 45. Clive Page  |  January 7th, 2007 at 12:17 UTC

    Presumably from the user’s point of view the best thing to do is always to enter a false PIN when first prompted, and only enter the right one if that gets rejected?

    Until that practice gets widely used; then presumably the fraudsters would always reject the first PIN entered. But it should help in the short term.

    As others have suggested, a better long-term solution would be for the terminal to have to display some fact that the bank knows, but which isn’t stored on the card, such as the user’s middle name, or the first line of the address, or date of birth. But I suppose that brings new risks into play…

  • 46. Skellious  |  January 7th, 2007 at 13:36 UTC

    well done guys :D love the ‘war games’ reference.

  • 47. Skellious  |  January 7th, 2007 at 13:38 UTC

    Presumably from the user’s point of view the best thing to do is always to enter a false PIN when first prompted, and only enter the right one if that gets rejected?

    The system automatically locks the card if the pin is entered incorrectly 3 times, even in different locations and at different times, so you would have to go to your bank machine and unlock your card again every 3 times you did this.

  • 48. Clive Page  |  January 7th, 2007 at 14:08 UTC

    I think you’ll find that’s only if you enter the wrong number 3 times in a row – any correct entry resets the counter. I’m sure that I’ve entered my PIN incorrectly many more than 3 times over the last year, and never had a locked card yet. I agree that doing this once deliberately increases the risk of getting the card locked, but it decreases the risk of being fooled by a hacked terminal.
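
The exchange in comments 45, 47 and 48 turns on how the card's PIN Try Counter behaves, so here is a model of it together with Clive Page's decoy-PIN tactic and the counter-move he anticipates. This is an added example for this page, not code posted by any commenter. The status words are the standard ISO 7816-4 / EMV values (9000 success, 63Cx wrong PIN with x tries left, 6983 blocked); the try limit of 3, the decoy PIN 0000 and the two fake-terminal behaviours are assumptions for the example.

```python
# Standard ISO 7816-4 / EMV status words for VERIFY.
SW_OK = 0x9000
SW_BLOCKED = 0x6983


def sw_tries_left(n):
    """63Cx: verification failed, x retries remaining (63C0 means just blocked)."""
    return 0x63C0 | n


class Card:
    """Genuine card: PIN Try Counter decrements on failure, resets on success."""

    PIN_TRY_LIMIT = 3  # assumption; issuer-configurable in practice

    def __init__(self, pin):
        self._pin = pin
        self.ptc = self.PIN_TRY_LIMIT

    def verify(self, pin):
        if self.ptc == 0:
            return SW_BLOCKED
        if pin == self._pin:
            self.ptc = self.PIN_TRY_LIMIT  # correct entry resets the counter (comment 48)
            return SW_OK
        self.ptc -= 1
        return sw_tries_left(self.ptc)


class GuttedTerminal:
    """Fake terminal with no real card check: accepts whatever is typed."""

    def verify(self, pin):
        return SW_OK


class SmarterGuttedTerminal:
    """Comment 45's predicted counter-move: reject the first PIN, accept the second."""

    def __init__(self):
        self.entries = []

    def verify(self, pin):
        self.entries.append(pin)
        return sw_tries_left(2) if len(self.entries) == 1 else SW_OK


def decoy_purchase(verifier, real_pin, decoy_pin="0000"):
    """Clive Page's tactic: wrong PIN first, real PIN only if the first is rejected.

    `verifier` is whatever the cardholder is actually talking to: the genuine
    card via an honest terminal, or a fake terminal pretending to be one.
    """
    if verifier.verify(decoy_pin) == SW_OK:
        return "FAKE_TERMINAL_SUSPECTED"  # a genuine card never accepts a wrong PIN
    return "PAID" if verifier.verify(real_pin) == SW_OK else "DECLINED"
```

Against a genuine card the tactic costs one retry per purchase and never accumulates, because the correct entry resets the counter, so Skellious's worry about locking the card every third purchase does not arise; three consecutive wrong entries do still block it. The naive fake terminal is exposed immediately, while the one that rejects the first entry collects the real PIN anyway, which is the limitation Clive points out himself.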

  • 49. Ben  |  January 8th, 2007 at 03:57 UTC

    Fantastic work, can you download the paper you guys released?

  • 50. .$author.  |  January 8th, 2007 at 09:42 UTC

    [...] Recently they showed how some people managed to play Tetris on a Chip ‘n’ Pin terminal. [...]

  • 51. AJS  |  January 8th, 2007 at 10:02 UTC

    I have an even better idea. How about, instead of using a PIN which can be snarfed, have the user perform some physical gesture which cannot be replicated electronically? Signing their name on a piece of paper, for instance. A human being would be needed to verify the signature against a sample, but since there is normally a person operating the till, they could do the job. The sample could even be on the card itself, since it doesn’t actually contain all the information needed to replicate it. Anyone who hasn’t had as much practice signing that name as its real owner will take too long and make awkward pauses (learning to forge a signature convincingly takes at least an hour even for an experienced person, and during this time the cardholder might well notice and report the loss). A trained till operator could manually flag suspicious transactions if the signature differs significantly from the sample or if the signer appears ill-at-ease.

  • 52. .$author.  |  January 8th, 2007 at 12:14 UTC

    [...] Link [via hackaday.com] [...]

  • 53. .$author.  |  January 8th, 2007 at 13:54 UTC

    [...] Original post by cashbagg [...]

  • 54. Richard Corfield  |  January 8th, 2007 at 17:17 UTC

    The more troublesome machines are those that also have a magnetic stripe reader, so as well as having the PIN they have a record of the stripe. This is presumably enough information to do a good job of cloning the card. How many places could such a forged card be used? These will be devices that use the stripe and not the chip?

    I asked the bank about this, and they said not to worry.

    I’d prefer if all machines that read the strip as well are removed from service and customers told to refuse to use them. I believe we’re not meant to hand over the cards either, but a number of shops expect this so that the card can be placed into a reader attached to the checkout operator’s screen. The lack of standardisation of the procedure is a real problem. The customer is often expected to do things that are not secure.

  • 55. TagNe.ws  |  January 8th, 2007 at 17:51 UTC

    You’ve been tagged – Gadgets at TagNe.ws

    http://www.tagne.ws/Gadgets/UK-Chip-Pin-Point-Sale-Machine-Plays-Tetris/

  • 56. Nicholas Weaver  |  January 8th, 2007 at 17:56 UTC

    STUPID question:

    WTF didn’t they use public key for the chip part of the “chip and pin”?

    If they did, you wouldn’t have to worry about all these hijacking attacks with bad readers, as even a bad reader can’t get the information necessary to clone the card?

  • 57. Bob  |  January 8th, 2007 at 18:36 UTC

    I’d use the Tetris terminal. Maybe it will credit my bank account with my high score.

  • 58. Steven J. Murdoch  |  January 8th, 2007 at 21:18 UTC

    @Nicholas

    WTF didn’t they use public key for the chip part of the “chip and pin”

    This does exist in the EMV specification, known as dynamic data authentication (DDA). However, the UK banks went for the cheaper static data authentication (SDA) which only uses symmetric cryptography. This can still verify the authenticity of a card for the 80% of transactions which are online, but the real problem is the banks kept on accepting magnetic stripe cards in ATMs.

    What we helped two sets of journalists do was to take their own Chip & PIN card then copy the magstripe onto a card with no chip. Helpfully, the banks store a copy of the magnetic strip on the chip for backwards compatibility, but magstripe readers are cheap. Using the correct PIN, this card successfully withdrew cash from the first ATM they tried.

    One possibility is that ATMs will conclude that a card without a readable chip is just damaged so they will fallback to magstripe. Another is that many don’t have chip readers in them at all.

  • 59. Steven J. Murdoch  |  January 8th, 2007 at 21:36 UTC

    @Richard Corfield

    I’d prefer if all machines that read the strip as well are removed from service and customers told to refuse to use them.

    I agree with you in principle, but for backwards compatibility the UK banks (at least) have chosen to store all the magstripe details on the chip. We even tested this in practice, by taking the magstripe details off the chip and writing them onto a blank card without a chip. The resulting card worked in the first ATM the cardholder tried.

  • 60. .$author.  |  January 10th, 2007 at 03:55 UTC

    [...] A team of UK researchers based at Cambridge University have managed to hack a “tamper-proof” chip and pin terminal to play tetris [...]

  • 61. .$author.  |  January 10th, 2007 at 16:47 UTC

    [...] meanwhile you really can play Tetris at the supermarket checkout… after two guys hacked and reprogrammed a PIN card reader, you can use the thing for gaming; if you don’t believe it… http://www.youtube.com/watch?v=wWTzkD9M0sU of course two Brits, http://www.lightbluetouchpaper.org/2006/12/24/chip-pin-terminal-playing-tetris/ [...]

  • 62. .$author.  |  January 10th, 2007 at 19:16 UTC

    [...] Researchers, Steven Murdoch and Saar Drimer, recently purchased and modified a chip & pin terminal to play Tetris.  The terminal was readily available on ebay, pointing out that claims that the terminals are not tamper proof are invalid.  While it’s important to note that they replaced several parts of the terminal to do this, it is equally important to question why it was so easy to obtain and modify a terminal that could end up being used for nefarious purposes. [...]

  • 63. .$author.  |  January 11th, 2007 at 07:15 UTC

    [...] Light Blue Touchpaper » Chip & PIN terminal playing Tetris (tags: Video Security tetris chipandpin hack privacy) [...]

  • 64. .$author.  |  January 13th, 2007 at 11:30 UTC

    Today’s link……

    I have just found today’s link and it is a bloke who has hacked a card terminal so he can play Tetris on it.
    - Our payment card terminal cannot be manipulated, said the manufacturer.
    - Look, now we’re playing Tetris on it, said the hackers.
    OK,…

  • 65. MrNibbles  |  January 17th, 2007 at 22:44 UTC

    ok,

    so what if:

    you can monitor the keypresses by hooking two wires to each contact for each key, run this to a keylogger…. ( you could slit open the big curly wire coming off these things and place the wires in there ) then you have a second chip reader mounted the other side of the main chip reader that will merely dump the chip data to an external source… hell I’m sure you could build an SD slot into the thing…
    easy, non-intrusive way of getting the data… no modification to the internal hardware… bank transactions still work….

    all it would take is the ability to open one of these things without messing up the relay to the bank

    (this method probably doesn’t work… I’m just thinking aloud… (in text?))

  • 66. Pete  |  February 1st, 2007 at 16:47 UTC

    @MrNibbles:

    > you can monitor the keypresses by hooking two wires to each contact for each key

    You can, but you have to open the box to get at the contacts. The box has tamper switches.

    > you could slit open the big curly wire coming off these things and place the wires in there

    You could, but the data you’d get there is already encrypted by the electronics in the pin pad.

    > then you have a second chip reader mounted the other side of the main chip reader that will merely dump the chip data to an external source

    This isn’t very clear, but if it means what I think it does:

    You can, but you have to open the box to get at the contacts. The box has tamper switches.

    Next?

  • 67. .$author.  |  February 6th, 2007 at 09:37 UTC

    [...] A fraudster sets up a fake terminal in a busy shop or restaurant. When a genuine customer inserts their card into this terminal, the fraudster’s accomplice, in another shop, inserts their counterfeit card into the merchant’s terminal. The fake terminal reads details from the genuine card, and relays them to the counterfeit card, so that it will be accepted. The PIN is recorded by the fake terminal and sent to the accomplice for them to enter, and they can then walk off with the goods. To the victim, everything was normal, but when their statement arrives, they will find that they have been defrauded. [...]

  • 68. .$author.  |  February 6th, 2007 at 19:30 UTC

    [...] concept. How much do you really trust your merchants? The University of Cambridge’s “Light Blue Touchpaper” Security Research lab did a study back in December to see if they could gut and rebuild a [...]

  • 69. .$author.  |  February 9th, 2007 at 00:29 UTC

    [...] These researchers are the guys behind the Chip & PIN terminal playing Tetris [...]

  • 70. sebastian nielsen  |  March 2nd, 2007 at 15:42 UTC

    A good idea would be a challenge-challenge-response algorithm.

    The card sends a random string to the bank, encrypted with a keyA that both bank and card know.

    The bank decrypts that string, then adds some random characters (and stores the characters at the bank temporarily for the transaction), encrypts it one time with a keyB that only the bank knows, and then with a keyC that both bank and card know.
    Then sends it to the card.

    The card then decrypts one step with keyC, then adds the amount of the purchase to the string, and then encrypts this string with another keyD stored on the card, which both the bank and card know. Then it sends this string to the bank.

    All keys should be customer-unique, even the key that is only stored at the bank side.
    ….

    The card knows that the “bank” the card is communicating with is genuine, because if the “bank” was fake (because someone tampered with the terminal), the “bank” would not be able to decrypt the string, and then the authentication would fail at the real bank, because the card needs to derive authentication data from the decrypted string it sent to the bank (as the bank added some characters).

    The bank verifies the challenge sent to the bank.

    And if the card was fake, it would not be able to encrypt the string sent to the bank, as it doesn't have the keyA. It would further not be able to decrypt with keyC and encrypt with keyD as these are unavailable to the hacker.

    And the amount cannot be tampered with because the amount is encrypted into the string sent to the bank.

    It should be easier to block the card. Maybe make it so that you store a bright red “blockcard” in a safe place (and you can fetch any number of these paper cards at any time at the bank, if you need blockcards in multiple places).
    (And you should of course be able to block the card via telephone as it is today.)

    Inserting the blockcard in an ATM should immediately block the original card.

    Adding all these security measures means that a PIN is no longer needed, because the card cannot be duplicated, and if you do not possess the card and cannot find it, that means it has been stolen and you can call and block the card, or go to the nearest ATM and insert the blockcard.
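    The four-message exchange proposed in the comment above, as an added example that is not from the post, its authors or the commenter: a Python model in which a constructed HMAC-SHA256 keystream cipher stands in for the unspecified encryption, and the key sizes, field lengths and amount encoding are assumptions. Because the proposal relies on encryption alone, the model also shows a terminal in the path flipping one ciphertext bit so that the bank accepts a changed amount, which is why the bank's check needs a MAC and not just decryption.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, R_LEN, S_LEN, AMOUNT_LEN = 12, 16, 8, 8

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher constructed for this example: XOR with an HMAC-SHA256
    counter keystream. Confidentiality only; it provides no integrity."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def enc(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh nonce so keystreams never repeat
    return nonce + xor_stream(key, nonce, data)

def dec(key: bytes, blob: bytes) -> bytes:
    return xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

class Card:
    def __init__(self, keys):  # the card holds keyA, keyC and keyD; never keyB
        self.k = keys
    def step1(self) -> bytes:
        return enc(self.k["A"], secrets.token_bytes(R_LEN))
    def step3(self, m2: bytes, amount: int) -> bytes:
        inner = dec(self.k["C"], m2)  # peel keyC; the keyB layer stays opaque
        return enc(self.k["D"], inner + amount.to_bytes(AMOUNT_LEN, "big"))

class Bank:
    def __init__(self, keys):  # all four customer-unique keys
        self.k, self.pending = keys, None
    def step2(self, m1: bytes) -> bytes:
        r = dec(self.k["A"], m1)
        self.pending = r + secrets.token_bytes(S_LEN)  # kept for this transaction
        return enc(self.k["C"], enc(self.k["B"], self.pending))
    def step4(self, m3: bytes):
        payload = dec(self.k["D"], m3)
        inner, amount = payload[:-AMOUNT_LEN], payload[-AMOUNT_LEN:]
        ok = hmac.compare_digest(dec(self.k["B"], inner), self.pending)
        return ok, int.from_bytes(amount, "big")

def run_transaction(card: Card, bank: Bank, amount: int, tamper=None):
    """Four-message exchange; `tamper` optionally alters m3 in transit."""
    m3 = card.step3(bank.step2(card.step1()), amount)
    return bank.step4(tamper(m3) if tamper else m3)

def demo():
    keys = {n: secrets.token_bytes(32) for n in "ABCD"}
    bank = Bank(keys)
    genuine = run_transaction(Card(keys), bank, 1999)      # (True, 1999)
    # a cloned card without the customer's keys is refused
    cloned = run_transaction(Card({n: bytes(32) for n in "ACD"}), bank, 1999)
    # a terminal flipping one ciphertext bit changes the amount unnoticed:
    # encryption alone does not give the integrity the scheme assumes
    flip = lambda m: m[:-1] + bytes([m[-1] ^ 1])
    malleable = run_transaction(Card(keys), bank, 1999, flip)  # (True, 1998)
    return genuine, cloned, malleable
```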

  • 71. Lockstep  |  March 26th, 2007 at 05:11 UTC

    Sorry to come at the Tetris issue a little late.

    Does the demonstration really tell us anything profound? It certainly underscores the need for secure terminals and environments, and the risks of merchant corruption and collusion. But we knew that already.

    Someone said: “It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PIN.”

    That’s an oversimplification isn’t it? A compromised terminal that doesn’t talk to the backend anymore will behave rather strangely. I doubt that you could trick more than a handful of punters before the alarm was raised.

    Cheers,

    Stephen Wilson

    Lockstep
    http://www.lockstep.com.au
    —————————-
    Lockstep provides independent specialist advice and analysis
    on identity management, PKI and smartcards. Lockstep is also
    developing unique new smartcard technologies to address transaction privacy, phishing, pharming and spam.

  • 72. Steven J. Murdoch  |  March 26th, 2007 at 21:51 UTC

    Does the demonstration really tell us anything profound? It certainly underscores the need for secure terminals

    It was intended as a nice demonstration that the security of Chip & PIN relies on customers being able to detect a tampered terminal. It also shows that building a terminal with this requirement is not feasible. Neither fact is profound, and they should not come as a surprise to the industry, but without a demonstration it can be difficult to express that to the wider public.

    A compromised terminal that doesn’t talk to the backend anymore will behave rather strangely.

    Why should it? The fraudster has complete control over the terminal and can make it behave however he or she chooses. Even if the fraudster doesn’t have a terminal they can observe at leisure, a mobile phone camera could subtly record the desired behavior.

  • 73. TillMonkey  |  March 27th, 2007 at 09:47 UTC

    “The fraudster has complete control over the terminal and can make it behave however he or she chooses”

    Including sending valid responses/cryptograms/etc. via its API to the EPOS system so the retailer gets paid by their acquirer? That's what will be harder to do if the anti-tamper does its job (like it seemingly didn't at Shell) and makes a compromise only of long-term value if the shop environment is totally compromised, not just one or two rogue employees (i.e. if it doesn't matter if they don't get paid for the goods: the only point is the harvesting of card details).

  • 74. Steven J. Murdoch  |  March 27th, 2007 at 16:25 UTC

    @TillMonkey

    Including sending valid responses/cryptograms/etc. via its API to the EPOS system so the retailer gets paid by their acquirer?

    No, ours doesn't, but I think the question was about the customer experience, not the merchant.

    However, this assumes there is an integrated EPOS system. In several places I have been, there is no connection between the till and the Chip & PIN terminal. So if the terminal is replaced, the merchant will not notice (until he sees his account statement).

  • 75. TillMonkey  |  March 27th, 2007 at 16:40 UTC

    “the merchant will not notice (until he sees his account statement)”.

    Trust me; it will often not be until a good while after that :) :)

  • 76. Lindsay Johnson  |  May 25th, 2007 at 00:48 UTC

    Tamper evidence/tamper proofing/tamper resistance etc. are irrelevant in this experiment. Checking with PIN pad and terminal vendors and their processes is also irrelevant. Accounting forensics to trace transactions is also irrelevant. Think about it like this – take this fake device to a market or street fair. Start selling some fad, gadget or novelty and accept card payment for it. The customer puts in card details, gets the goods and leaves content. The “merchant” now has their card details including PIN. It was never sent to a bank for processing (hence no transactional trail). This merchant then disappears and sets up the same scam somewhere else. The flaw is that the PIN only validates the cardholder – it doesn't validate the device. We're so used to thinking of fraud being perpetrated by cardholders that we're forgetting the fraud is increasingly being perpetrated via dodgy merchants. The fake terminal doesn't even have to look like a genuine vendor's device. Cardholders cannot be expected to be aware of every model and vendor device in the market – there is an inherent trust that any device must be a genuine device. Hence why tamper resistance and evidence etc. are irrelevant in this circumstance – you could mock up an iPod with a card reader and keypad and I am sure you'd get cardholders to enter the card and PIN. Device validation must be addressed.

  • 77. Philip Andreae  |  January 4th, 2008 at 16:01 UTC

    Interesting discussion. As a veteran of the debate I'd like to add to the discussion.
    On the compliance side, the following are what I know everyone globally is supposed to certify their electronic payment devices to.

    EMV level 1 and 2 should deal with making sure the device does what EMV says it should.

    PCI PED defines tamper resistance and other security features designed to protect the integrity of a PIN transaction.

    Then there is PCI DSS dealing with things like encryption, password, firewalls and confidentiality.

    But none of these address, as so aptly described by Lindsay Johnson | May 25th, 2007 at 00:48 UTC, the real issue.

    When we designed EMV we once spoke of implementing a method for terminal authentication. In the end we excluded such a concept from EMV. Others have piloted schemes that support terminal authentication but acquirers resist given the cost and complexity of deploying such a solutions.

    The bottom-line question is how the consumer is to know that the machine is a fake.

    Why not use the mobile phone as the secure device, and since it is the consumer that is paying, let him be responsible for knowing that his device has not been tampered with, therefore the stuff the bank put inside is still OK. From a risk perspective we will have to deal with the issue of lost and stolen phones. We could implement biometrics as a security device on the phone, even voice recognition, or accept PIN for now. And frankly I'd love to think much more about this; if anyone is interested please reach out. +1 416 628 513

  • 78. Steven J. Murdoch  |  January 4th, 2008 at 17:25 UTC

    @Philip

    Yes, I’ve also been thinking about using a phone in Chip and PIN transactions. The key idea is to allow the cardholder to see the transaction they are about to authorize, on a device controlled by them – their phone. In the current EMV system the smartcard doesn’t have a display and the terminal is potentially compromised. The open question is how to get transaction information from the bank to the phone, without harming usability.

    Since I work for them, I obviously like the Cronto system. As all standard phones come with cameras, the encrypted and authenticated transaction can be encoded in a 2D-barcode. This achieves both mutual authentication and transaction authorization. So far this has been targeted at online transactions, but should work at POS too.

    Another option is two-channel, such as sending the transaction in a SMS. This is also targeted at online transactions, but at POS the dependence on mobile phone signal and prompt SMS delivery could be a hindrance. Masabi have a good summary of various two-factor authentication systems, including their two-channel proposal.

    Once phones eventually come with NFC capability, this could be used for POS transactions too. It is currently being trialled.

  • 79. Victor Barrantes  |  January 4th, 2008 at 17:42 UTC

    A POS terminal, like many others, is just a small computer you can program to do anything you want with the hardware it has, playing Tetris, for instance, so there is nothing amazing in this.
    Of course, you can also make a more complex program to steal the card info and do whatever you like with the stolen data.
    In the end, no matter the security, the cardholder should use an extra feature called “common sense” to avoid fake terminals and suspicious sites.

  • 80. Saar Drimer  |  January 6th, 2008 at 14:40 UTC

    Victor,

    A POS terminal, like many others, is just a small computer you can program to do anything you want with the hardware it has, playing Tetris, for instance, so there is nothing amazing in this.

    Indeed, this is technically un-amazing. It is amazing, however, that a device designed to protect our money fails in this way.

    In the end, no matter the security, the cardholder should use an extra feature called “common sense” to avoid fake terminals and suspicious sites.

    Common sense should not play into this (your common sense is different than mine and anyone else’s, I am sure). In order to detect a fake terminal you need to be a trained professional and know exactly what to look for. Are you suggesting training all cardholders? Are you suggesting furthering the liability onto customers for the detection of tampering? This liability should be with the banks because only they can do something to improve the security.

    I have personally seen several terminals glued with tape onto a mounting plate (one at Marks and Spencer; I've taken pictures), and others that are either old or have stickers and holes on them. Apart from me, I wonder how many people used the “common sense” you suggest and refused to use those. Doing what I do, I notice these things, though I can't expect everyone else to.

  • 81. Rich  |  January 14th, 2008 at 18:35 UTC

    The bank ought to send a text message to my mobile whenever a transaction is made on my card.

    That way, if I’m in say a restaurant I expect to get a text message shortly after paying the bill (or perhaps next day). If I don’t get the text message, I can be suspicious of the card reader.

    And if I get a text message but wasn’t expecting one, I can call the bank about the transaction immediately.

  • 82. victor pedro  |  May 31st, 2008 at 13:20 UTC

    Hello all, do you know this technique?

    http://www.zdnet.fr/actualites/internet/0,39020774,39363071,00.htm

    And what equipment and chip did they use?

  • 83. victor pedro  |  May 31st, 2008 at 13:31 UTC

    They had to insert another chip (SIM) into a payment terminal and connect it by Bluetooth to a laptop, and so when a customer pays with their card, they receive all the credit card data and even the secret code!!!
    Do you know the equipment they were able to use?

  • 84. Billy  |  June 23rd, 2008 at 14:13 UTC

    LOL, classic. Stripping out the internals and replacing them; the only problem is the merchant might get all the details, but the transaction will not go through because it's a fake. ;)

    The interceptor method is a much better proof of concept because not only will the attacker receive the details but the transaction will go through as well.

  • 85. jandy  |  July 3rd, 2010 at 05:43 UTC

    Very interesting site. Hope it will always be alive! It's really helped me a lot. credit card swipe machines

  • 86. Tamper Evident Tape  |  February 9th, 2011 at 14:54 UTC

    Haha, this is a brilliant and very lighthearted way of showing the problems of the everyday technology that we trust. I think this kind of thing is actually really important to alert people; although the tamper resistance would mean that your card couldn't be used to directly go through to the bank, criminals could still get your card details and use them at a later date. Important lesson taught in a funny way – go these guys!

  • 87. Steven Thompson  |  February 10th, 2011 at 09:56 UTC

    This is brilliant! I didn't realise they were so easily manipulated. Pretty worrying that I'd have no clue if one had been compromised or not. Isn't there an electrical version of tamper evident tape that would show unknowing customers whether something was up?
