11.09.2012 15:20

Chip and Skim

Ross Anderson of the University of Cambridge is well known and respected in the industry for his publications on a range of security topics (see, for example, Costs of Cybercrime and VerifiedByVisa/MastercardSecurecode).

He already published on the security of the EMV standard in 2010; now a new paper from him on the subject has appeared: Chip and Skim: cloning EMV cards with the pre-play attack. Besides the technical description of the attack, the context around it is what makes it interesting.

From the accompanying blog post:

November last, on the Eurostar back from Paris, something struck me as I looked at the logs of ATM withdrawals disputed by Alex Gambin, a customer of HSBC in Malta. Comparing four grainy log pages on a tiny phone screen, I had to scroll away from the transaction data to see the page numbers, so I couldn’t take in the big picture in one go. I differentiated pages instead using the EMV Unpredictable Number field – a 32 bit field that’s supposed to be unique to each transaction. I soon got muddled up… it turned out that the unpredictable numbers… well… weren’t. Each shared 17 bits in common and the remaining 15 looked at first glance like a counter. The numbers are tabulated as follows:

...

Just like most vulnerabilities we find these days some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.
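As an added illustration (not code from the paper or from the blog post), the following Python script applies the same kind of check the quoted text describes to log data: it pulls the UN field out of each logged transaction, finds the bit positions that never change across the log, and tests whether the remaining bits only ever increase, which is what a counter does and a random number generator does not. The log lines, terminal ids and the `UN=` field name are constructed assumptions for the example; real logs will use a different layout and the regular expression would need adjusting.

```python
"""Audit of EMV Unpredictable Number (UN) values taken from transaction logs.

Added example, not code from the paper or the blog post. It flags the pattern
the quoted text describes: many bits identical across every logged UN, with
the remaining bits rising like a counter instead of looking random.
All log lines below are constructed for illustration; they are not real data.
"""
import re
from typing import Dict, List

# Assumed log layout: the UN appears as eight hex digits after "UN=".
UN_RE = re.compile(r"\bUN=([0-9A-Fa-f]{8})\b")

# Constructed log from a terminal with a weak RNG: the top 17 bits never change,
# the low 15 bits only ever go up (consistent with a counter, not with a RNG).
WEAK_LOG = """\
2011-06-29 09:14 ATM-0042 UN=4E2A8102 AMT=200
2011-06-29 17:40 ATM-0042 UN=4E2A8F40 AMT=100
2011-06-30 08:05 ATM-0042 UN=4E2A9C33 AMT=250
2011-06-30 19:22 ATM-0042 UN=4E2AAA81 AMT=100
2011-07-01 12:31 ATM-0042 UN=4E2ABF77 AMT=300
2011-07-02 07:58 ATM-0042 UN=4E2AD120 AMT=200
2011-07-02 20:10 ATM-0042 UN=4E2AEA0C AMT=100
2011-07-03 11:45 ATM-0042 UN=4E2AFE5B AMT=150
"""

# Constructed log from a terminal whose UNs show no such structure.
GOOD_LOG = """\
2011-06-29 09:14 ATM-0107 UN=9F1C2B3E AMT=200
2011-06-29 17:40 ATM-0107 UN=60E3D4C1 AMT=100
2011-06-30 08:05 ATM-0107 UN=04D7A6F0 AMT=250
2011-06-30 19:22 ATM-0107 UN=E3A19C42 AMT=100
2011-07-01 12:31 ATM-0107 UN=7B0F5D88 AMT=300
2011-07-02 07:58 ATM-0107 UN=C2E86A17 AMT=200
2011-07-02 20:10 ATM-0107 UN=3D94F0B5 AMT=100
2011-07-03 11:45 ATM-0107 UN=AF05E9D3 AMT=150
"""


def parse_uns(log_text: str) -> List[int]:
    """Extract the UN field from each log line, in log order."""
    return [int(m.group(1), 16) for m in UN_RE.finditer(log_text)]


def constant_bit_mask(uns: List[int], width: int = 32) -> int:
    """Mask of bit positions whose value is identical in every sample."""
    all_ones = (1 << width) - 1
    if not uns:
        return 0
    and_all, or_all = all_ones, 0
    for u in uns:
        and_all &= u
        or_all |= u
    # Bits set everywhere (and_all) or clear everywhere (~or_all) are constant.
    return (and_all | (~or_all & all_ones)) & all_ones


def looks_like_counter(uns: List[int], varying_mask: int) -> bool:
    """True if the non-constant bits strictly increase from one logged UN to the next.

    Only one customer's transactions appear in such a log, so consecutive values
    need not differ by exactly one; monotonic growth is the signal. A counter
    that wraps around inside the log is not caught by this simple check.
    """
    if len(uns) < 3 or varying_mask == 0:
        return False
    parts = [u & varying_mask for u in uns]
    return all(b > a for a, b in zip(parts, parts[1:]))


def audit_unpredictable_numbers(uns: List[int], width: int = 32) -> Dict[str, object]:
    """Summarise how random the logged UNs look."""
    n = len(uns)
    fixed = constant_bit_mask(uns, width)
    varying = ((1 << width) - 1) & ~fixed
    fixed_bits = bin(fixed).count("1")
    # With n samples a sound RNG leaves each bit constant with probability 2^(1-n),
    # so a few coincidentally fixed bits are expected in a short log.
    expected_fixed = width * 2.0 ** (1 - n) if n else float(width)
    counter_like = looks_like_counter(uns, varying)
    return {
        "samples": n,
        "fixed_bits": fixed_bits,
        "fixed_mask": f"0x{fixed:08X}",
        "varying_bits": width - fixed_bits,
        "counter_like": counter_like,
        "suspicious": fixed_bits > 1 + 3 * expected_fixed or counter_like,
    }


if __name__ == "__main__":
    for name, log in (("weak terminal", WEAK_LOG), ("sound terminal", GOOD_LOG)):
        print(name, audit_unpredictable_numbers(parse_uns(log)))
```

Run against the constructed weak log the audit reports 17 fixed bits (mask 0xFFFF8000), 15 varying bits that rise monotonically, and flags the terminal; the sound log yields no fixed bits and no counter pattern. The threshold on fixed bits scales with the number of samples because, with only a handful of transactions, a good generator will leave an occasional bit unchanged by chance.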

In other words, this is not purely theoretical research; the problem has already shown up in the real world. That leads Ross (and co-authors) to the following conclusion:

Viability of the pre-play attack has significant legal ramifications. It can no longer be taken for granted that data in a logged transaction was harvested at the time and place claimed, which undermines the reliability of evidence in both civil and criminal cases. To show that a given transaction was made by a particular card, it is now necessary to show that the random number generator on the ATM or POS was sound.

...

Under existing Visa guidelines, logs should be retained in case of dispute. Yet in recent cases we have dealt with, logs were routinely destroyed after 90 or 180 days regardless of whether a dispute was in progress. [...] Banks which destroy evidence should become automatically liable for the full sums in dispute, including costs.

...

In the meantime, there is a structural governance failure that gives rise to systemic risk.

...

It is time for bank regulators to take an interest. It's welcome that the US Federal Reserve is now paying attention, and time for European regulators to follow suit.

Yes, it is genuinely difficult and expensive to replace the installed base of all cards and terminals in order to respond to newly discovered security problems. That is fine; it is always a trade-off between "what damage am I suffering" and "what does the change cost".

Just one request: that risk cannot simply be shifted onto the customers.

Author: Otmar Lendl