Comments on: TV coverage of online banking card-reader vulnerabilities

By: Bernard Dresner

Bernard Dresner — Fri, 12 Feb 2010 15:57:00 +0000

Have you also found anything about SAFECART or PAYPAL ?

By: Clive Robinson

Clive Robinson — Wed, 28 Oct 2009 16:12:51 +0000

Are any of you going to the Institute of Advanced Legal Studies (IALS) lecture on

“PINs, ATMs and Liability”

Given by Stephen Mason (Barrister and Associate Research Fellow) on the 04 November (18:00 - 19:00) at,

Institute of Advanced Legal Studies
Charles Clore House
17 Russell Square
London WC1B 5DR.

It’s free, to register go to,

http://www.sas.ac.uk/events/view/6706

I might see you there.

By: Antonomasia

Antonomasia — Tue, 27 Oct 2009 23:38:02 +0000

You’re all Luddites - this was solved ~25 years ago.
http://www.atariarchives.org/deli/home_banking.php

Buy me a sandwich. Buy it yourself - I’ve no cash and only my C&P card on me.
http://xkcd.com/149/

By: Steven J. Murdoch

Steven J. Murdoch — Tue, 27 Oct 2009 14:30:58 +0000

@Matthew

I see you worked it out but, for the benefit of other readers, I’ll explain.

The modified terminal doesn’t capture the PIN, it just impersonates a CAP reader and requests authentication codes from the card. Since the card doesn’t have a display, the customer can’t tell this is what going on, and thinks it is just a normal point of sale transaction.

Two codes were requested — one for login (identify mode) and to do a transfer (sign mode). In neither of these does the bank provide a nonce. That means the response we get is valid until the legitimate customer logs into online banking. The crook can then use these codes to perform a fraudulent transfer.

We could have done a similar attack against NatWest/RBS, but it would have simply been harder to film. Since NatWest use respond mode, with a four digit nonce, the transaction would need to happen at the same time as the customer uses the tampered terminal.

To keep the customer comfortable, we wanted her to be present when we accessed her account (she was behind the camera, just of out shot). If we did a real time attack, this would be hard. We’d also need two camera to keep things honest, and it would be a bit stressful to set everything up to work smoothly.

By: Matthew Pemble

Matthew Pemble — Tue, 27 Oct 2009 14:04:22 +0000

Okay, sorry, read the academic paper. No salt. Bad Barclays, naughty Barclays.

By: Matthew Pemble

Matthew Pemble — Tue, 27 Oct 2009 14:01:00 +0000

Okay, watched the feature - still slightly unsure (it doesn’t help that I don’t bank with Barclays). You can capture the PIN with a modified terminal (fine), you can capture the challenge / response (fine) and you can arrange it that the fixed part of the challenge can be identical to that of an account you own (same account or just last 4 digits the same). The latter, of course, assuming that the SDA chap cycle is identical to the CAP chap cycle.

So, login? CAP for login with Barclays? Okay - why is the SDA response the same as the CAP response? Major design flaw? Membership number and surname, I’ll grant you.

Then, once you want to set up the payment mandate, what do you do about the dynamic part of the challenge? Or is this another major design flaw? Replay attacks are a basic part of the security threat model.

Confused? I am.

By: Steven J. Murdoch

Steven J. Murdoch — Tue, 27 Oct 2009 02:31:04 +0000

The full programme is now on BBC iPlayer for the next 7 days, and a clip is also on YouTube.

By: Steven J. Murdoch

Steven J. Murdoch — Mon, 26 Oct 2009 16:46:25 +0000

@Daniel

Oops, now corrected; thanks for pointing this out. The programme airs today, Monday 26th October.

By: Daniel Willis

Daniel Willis — Mon, 26 Oct 2009 16:23:16 +0000

Steven,

You may wish to amend the article as the date appears to be incorrect. I’ll be watching this tonight with great interest.

Regards

Dan Willis