http://redtape.msnbc.com/2006/11/researchers_who.html
Pretty scary stuff if effectively implemented.
Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.
The U.S. Secret Service is investigating the matter, and MSNBC.com obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.
The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.
.....................................
PINs thought to be unassailable in transit
The attack theory is significant because it has long been considered impossible to access PINs as they travel through the ATM network without the encryption key used by the card-issuing bank. But the ARX report said issuer keys are not necessary: the computers along the network can be tricked, through a series of carefully chosen queries, into answering questions that let a criminal make educated guesses about – and ultimately recover – the PINs themselves, without ever obtaining a key. ARX sells hardware security modules to ATM networks, but Ostrovsky said its machines also are vulnerable to the attacks because they must communicate with other ATM network computers using the flawed protocols.
Ostrovsky said her company shared the research with the Visa credit card association's risk management team and other U.S. financial industry security experts six months ago, and recommended systemwide ATM network changes. But U.S. banks weren't reacting fast enough to the risk, she said, so ARX decided to go public with its information and two weeks ago published a paper titled "The Unbearable Lightness of PIN cracking," which is now available on the Internet as a PDF.
Kim Bruce, a spokeswoman for the Secret Service, confirmed that the agency had been in contact with ARX to discuss the paper’s findings, but declined to provide additional detail.
.....................................
How the attacks would work
The attacks described in the ARX paper could not be conducted remotely over the Internet. They would require a criminal to be on the same local network as the hardware security module. Because ATM switches are heavily guarded and monitored, such access is unlikely, argued a BITS representative, who spoke on condition of anonymity.
But such ATM switches can be located anywhere in the world, Ostrovsky countered. That creates a "weakest link" vulnerability in which one poorly guarded switch could theoretically be used to compromise every bank whose debit cards have flowed through that switch, she said.
Each switch contains a hardware security module, a small special-purpose computer in a tamper-resistant enclosure designed to perform a handful of PIN-related functions, chiefly decrypting and re-encrypting PIN blocks. But the boxes also ship with other functions that allow the machine to change a customer's PIN or calculate other PIN-related values. Most ATM switches don't need these tools; however, they are often enabled by default.
This unneeded functionality is exploited in some of the attacks described by the paper, which recommends that switch operators turn off the functions they do not use. But even that's not enough, Ostrovsky said. The one function every switch HSM must expose – re-encrypting a PIN block under a different key, a process known as "translate" – is all an attacker needs to trick the machine into divulging PINs, a hack that would put nearly every ATM switch at risk, she said.
"This is not an attack on a certain configuration or installation. This is an attack on the protocol itself. It must be updated," Ostrovsky said.
There are competing PIN block formats in use in the ATM network, and each machine must support all of them, she explained. In one format (ISO 9564 Format 0), the 16-hex-digit PIN block holds two formatting digits (a format code and the PIN length), the PIN digits and filler, and the whole block is combined (XORed) with the customer's account number, so the same PIN produces a different block on every account. That's the standard used in the U.S. Another format (ISO 9564 Format 1) combines the formatting digits and PIN digits with random digits and sends the account number separately, so the block is not tied to the account at all.
The translate function does not only re-encrypt a PIN block under a new key – it also converts the block from one format to another, with the caller supplying the account number that Format 0 needs. This lets an attacker play the weaknesses of one format against the other, creating a "least common denominator" vulnerability, Ostrovsky said.
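As an added illustration (this is not code from ARX or from the article, and it is not the ARX paper's own procedure, which the article does not reproduce): a toy model of the two PIN block formats and of an HSM "translate" call, showing why it matters that the account number used for Format 0 is whatever the caller sends. The zone-key cipher is a keystream stand-in (the attacker never decrypts anything, so its strength is irrelevant to the point); the PIN, the PAN and the key names are constructed sample values; and the simulated HSM is assumed to enforce the Format 0 rule that decoded PIN digits must be decimal, which is what turns its error response into an answer.

```python
import hashlib
import os

# Toy model of ISO 9564 PIN block Format 0 and Format 1 plus an HSM "translate" call.
# Added illustration, not ARX's or any HSM vendor's code. The zone-key "cipher" is a
# keystream stand-in: the attacker below never decrypts anything, so its strength is moot.


def xor_hex(a: str, b: str) -> str:
    """Nibble-wise XOR of two equal-length hex strings."""
    return "".join(f"{int(x, 16) ^ int(y, 16):X}" for x, y in zip(a, b))


def pan_field(pan: str) -> str:
    """Format 0 PAN field: four zero nibbles, then the 12 rightmost PAN digits (check digit excluded)."""
    return "0000" + pan[:-1][-12:].rjust(12, "0")


def encode_iso0(pin: str, pan: str) -> str:
    """Format 0: '0', PIN length, PIN digits, 'F' filler, all XORed with the PAN field."""
    return xor_hex(f"0{len(pin):X}{pin}".ljust(16, "F"), pan_field(pan))


def decode_iso0(block: str, pan: str) -> str:
    """Undo the PAN XOR with the PAN the caller supplied, then enforce the format rules."""
    f = xor_hex(block, pan_field(pan))
    n = int(f[1], 16)
    if f[0] != "0" or not 4 <= n <= 12:
        raise ValueError("bad control or length nibble")
    pin, filler = f[2:2 + n], f[2 + n:]
    if not pin.isdigit():                      # the check that talks: PIN nibbles must be decimal
        raise ValueError("non-decimal PIN digit")
    if filler != "F" * len(filler):
        raise ValueError("bad filler")
    return pin


def encode_iso1(pin: str) -> str:
    """Format 1: '1', PIN length, PIN digits, random filler; the account number plays no part."""
    return (f"1{len(pin):X}{pin}" + os.urandom(8).hex().upper())[:16]


def decode_iso1(block: str) -> str:
    n = int(block[1], 16)
    pin = block[2:2 + n]
    if block[0] != "1" or not 4 <= n <= 12 or not pin.isdigit():
        raise ValueError("bad Format 1 block")
    return pin


def hsm_encrypt(block: str, key: str) -> str:
    """Stand-in for encryption under a zone key (XOR with a key-derived nibble stream)."""
    return xor_hex(block, hashlib.sha256(key.encode()).hexdigest()[:16].upper())


hsm_decrypt = hsm_encrypt  # the XOR stand-in is its own inverse


def hsm_translate(epb, key_in, fmt_in, pan_in, key_out, fmt_out, pan_out):
    """Re-key and/or re-format an encrypted PIN block. The PAN used on either side is
    whatever the caller says it is; nothing binds it to the account the block came from."""
    block = hsm_decrypt(epb, key_in)
    pin = decode_iso0(block, pan_in) if fmt_in == 0 else decode_iso1(block)
    out = encode_iso0(pin, pan_out) if fmt_out == 0 else encode_iso1(pin)
    return hsm_encrypt(out, key_out)


def oracle_accepts(epb, key, pan_guess) -> bool:
    """Attacker's view of one Format 0 -> Format 1 translate request: success or error."""
    try:
        hsm_translate(epb, key, 0, pan_guess, key, 1, None)
        return True
    except ValueError:
        return False


def narrow_pin_digits(epb, key, pan, pin_len=4):
    """Chosen-PAN queries against translate. For each PIN digit that sits under a PAN digit,
    vary that PAN digit and keep the candidate values whose predicted accept/reject pattern
    matches the HSM's answers. Assumes a 16-digit PAN (PAN-field nibble i is PAN digit i-1)."""
    candidates = {}
    for k in range(pin_len):
        pos = 2 + k                                   # nibble holding PIN digit k
        if pos < 4:                                   # XORed with a constant 0: out of reach
            candidates[k] = set("0123456789")
            continue
        p = int(pan[pos - 1])
        observed = [oracle_accepts(epb, key, pan[:pos - 1] + g + pan[pos:]) for g in "0123456789"]
        candidates[k] = {str(d) for d in range(10)
                         if [(d ^ p ^ int(g)) <= 9 for g in "0123456789"] == observed}
    return candidates


if __name__ == "__main__":
    PIN, PAN, KEY = "1234", "4539578763621486", "zone-key-A"   # constructed sample values
    epb = hsm_encrypt(encode_iso0(PIN, PAN), KEY)             # what the attacker sees in transit
    print(narrow_pin_digits(epb, KEY, PAN))
```

With a four-digit PIN only the last two digits are XORed with account-number digits, so chosen-PAN translate queries on their own narrow each of those two digits to a pair of candidates and cannot touch the first two; recovering a full PIN takes further steps that the article does not go into. What the block does show is the structural point Ostrovsky makes: translate takes whatever account number the caller sends, the PIN-block formats check different things, and the HSM's accept-or-reject answer is itself information that leaks out of the box without any key leaving it.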
The BITS representative who spoke on condition of anonymity conceded such attacks are feasible, but called the risk "very, very, very, very remote." He added that bank robbers have much easier ways of stealing money than complicated PIN prediction tactics.
Litan is not so sure. She said the research paper undermines the basic premise of ATM network security – the idea that only a computer loaded with the encryption key created by the issuing bank can reveal a PIN.
"The premise was 'It doesn't matter what happens along the path,' so even people who could access the PIN blocks couldn't do anything with them," she said. "This blows that out of the water."