Solder a 0.3mm chip onto a credit card and Chip-and-PIN is yours to pwn

No one's exactly sure how fraudsters stole over $680,000 from hijacked chip-and-PIN credit cards in Belgium, because the cards are still evidence and can't be subjected to a full tear-down. But based on X-rays of the tampered cards, it's a good bet that the thieves glued a 0.3mm hobbyist FUN chip over the card's own chip and programmed it to bypass all PIN entries.

The attack has been understood in theory since 2010, when Ross Anderson and colleagues published a paper proposing it as the answer to many fraud victims' claims that their own cards had been used in frauds that included successful PIN entries.

A French research group published a paper last week that analyzed the tampered cards and presented compelling evidence that the fraudsters used the method Anderson and his colleagues described. Anderson doesn't believe the fraudsters used his paper as a roadmap; rather, he thinks the attack had been in the wild since before he described it.

As the US rolls out its own chip-and-PIN infrastructure, it's important to carefully document the system's failings. Banks in the EU have long claimed chip-and-PIN to be invulnerable, and have used this as the basis to deny fraud claims, saying that if the PIN was entered at the point of sale, it proved that the customer had been negligent in keeping the PIN a secret.

The chip-and-PIN consortium say that this vulnerability has been addressed, but the fact that there was a vulnerability in the system indicates that more are likely to surface, and that frauds committed with chip-and-PIN cards are no more or less suspect than those committed with signature/magstripe cards.

According to the paper, the fraudsters were able to perform a man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card's original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, "making insertion into a PoS somewhat uneasy but perfectly feasible," the researchers write.

The hackers took advantage of the fact that PIN authentication was, at least at the time, decoupled from transaction verification on EMV cards in Europe.

The researchers explain that a typical EMV transaction involves three steps: card authentication, cardholder verification, and then transaction authorization. During a transaction using one of the altered cards, the original chip was allowed to respond to card authentication as normal. Then, during cardholder verification, the POS system would ask for the user's PIN, the thief would enter any PIN, and the FUN card would step in and send the POS the status code indicating that it was OK to proceed with the transaction because the PIN checked out. During the final transaction authorization phase, the FUN card would relay the transaction data between the POS and the original chip, which generates an authorization request cryptogram; that cryptogram goes to the issuing bank, which uses it to tell the POS system whether to accept the transaction or not.
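The three phases above, modelled as an added toy example (not code from the paper or from any EMV implementation; names, status words and the MAC-based cryptogram are constructed, not real EMV encoding). It shows why a terminal that trusts the chip's answer to the PIN check alone can be fooled by an interposer, and an assumed issuer-side hardening: cross-checking the PIN result the card itself records inside the cryptogram it generates.

```python
# Toy model of an EMV-style transaction with a man-in-the-middle shim between
# terminal and card. Constructed example; not real EMV APDUs or cryptograms.
import hashlib
import hmac

SW_OK = "9000"        # status word the terminal reads as "PIN verified"
SW_PIN_FAIL = "63C2"  # constructed: PIN wrong, retries remaining


class Card:
    """Genuine chip: checks the PIN and remembers the result for its cryptogram."""
    def __init__(self, pin: str, key: bytes):
        self.pin, self.key, self.pin_verified = pin, key, False

    def authenticate(self) -> str:          # phase 1: card authentication
        return "card-auth-ok"

    def verify_pin(self, pin: str) -> str:  # phase 2: cardholder verification
        self.pin_verified = pin == self.pin
        return SW_OK if self.pin_verified else SW_PIN_FAIL

    def generate_arqc(self, amount: int) -> dict:  # phase 3: authorization
        cvr = "PIN_OK" if self.pin_verified else "PIN_NOT_VERIFIED"
        mac = hmac.new(self.key, f"{amount}|{cvr}".encode(), hashlib.sha256).hexdigest()
        return {"amount": amount, "cvr": cvr, "mac": mac}


class Shim:
    """Interposer: relays phases 1 and 3 to the real chip, answers phase 2 itself."""
    def __init__(self, card: Card):
        self.card = card

    def authenticate(self) -> str:
        return self.card.authenticate()

    def verify_pin(self, pin: str) -> str:
        return SW_OK  # never forwarded, so the real chip never sees a PIN

    def generate_arqc(self, amount: int) -> dict:
        return self.card.generate_arqc(amount)


def terminal_transaction(chip, pin_entered: str, amount: int) -> dict:
    """What the POS reports to the issuer: its own CVM result plus the cryptogram."""
    chip.authenticate()
    cvm_ok = chip.verify_pin(pin_entered) == SW_OK
    return {"cvm_ok": cvm_ok, "arqc": chip.generate_arqc(amount)}


def issuer_decides(txn: dict, key: bytes, check_cvr: bool) -> bool:
    arqc = txn["arqc"]
    expected = hmac.new(key, f"{arqc['amount']}|{arqc['cvr']}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, arqc["mac"]) or not txn["cvm_ok"]:
        return False
    # Assumed hardening: only trust the PIN result the card itself signed.
    return arqc["cvr"] == "PIN_OK" if check_cvr else True
```

With `check_cvr=False` the issuer accepts a shimmed transaction with a wrong PIN; with `check_cvr=True` the mismatch between the terminal's "PIN verified" and the card's own "PIN_NOT_VERIFIED" is caught.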

How a criminal ring defeated the secure chip-and-PIN credit cards
[Megan Geuss/Ars Technica]

(Image: Houda Ferradi, Rémi Géraud, David Naccache, and Assia Tria. "False colors X-ray image of the forgery. Different colors correspond to different materials. The stolen chip is clearly visible in green.")