Subverting PIN Encryption For Bank Cards

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: "According to the payment-card industry ... standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. 'Essentially, the thief tricks the HSM into providing the encryption key,' says Sartin. 'This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'"
  • Old becomes new (Score:5, Interesting)

    by emocomputerjock ( 1099941 ) on Wednesday April 15, 2009 @11:07AM (#27586381)
    It's long been known that the PCI standards are nowhere near complex or secure enough to be trusted with protecting your data. Heck, they're just getting around to mandating encryption (128 bit, so as not to punish the early adopters of encryption technology). We moved too quickly to offer services without bothering to make sure we had the security in place to protect end users, and the criminal underground moves very quickly to exploit openings.
  • by roman_mir ( 125474 ) on Wednesday April 15, 2009 @11:25AM (#27586629) Homepage Journal

    According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs (hardware security module) across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

    "Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device."

    Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network.

    - seems that one part of a problem is the requirement itself to decrypt/re-encrypt PINs in every HSM.

    Other kinds of attacks occur against PINs after they arrive at the card-issuing bank. Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

    During that period, the data is briefly held in the system's memory in unencrypted form.

    Sartin says some attackers have created malware that scrapes the memory to capture the data.

    - this is another problem in itself, there shouldn't be a need to decrypt PIN if a correct hash function is used, compare the hash instead, this way PINs don't need to be unencrypted anywhere.

    --

    This shows that some banking systems are outdated when it comes to security. Another problem that is identified is that there are too many ways for thieves to access and install unauthorized software on these systems.

    "Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability."

    He says the stolen data is often stored in a file right on the hacked system.

    "These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

    - it is not clear exactly what types of systems are mentioned here. If it's the mainframe, where unencoded PINs are compared, then what anti-virus is he talking about? So it's not mainframes; then what, the HSM? Why should a virus be able to cross from a machine that can be affected by a virus to such a device?

    Does anyone here know whether these so-called 'HSM' machines are in actuality Windows 95 boxes connected to the web or something?

    Seriously though, the banks need to retrofit.

    Also it seems that holding money in a bank is becoming quite troublesome.

  • Re:Wow (Score:5, Interesting)

    by raddan ( 519638 ) on Wednesday April 15, 2009 @11:26AM (#27586655)
    I think part of the problem is that ATM machines have, in the past, not used IP networks, because there was always a need to lay down a line (or a modem) that would connect to the financial network. Many financial networks predate the Internet, and many of them have stricter requirements than typical IP traffic (like QoS), and so, in many cases, you see other kinds of network architectures (like X.25). Given those conditions, strong encryption did not always make sense.

    Now, there's nothing stopping you from using a higher-level protocol like SSL with other network architectures, but ATMs already have their own security mechanisms that predate SSL by a long shot, and the use of SSL, at least culturally, is tied pretty closely with TCP/IP. What surprises me, though, is that the HSMs must decrypt a message at every interchange, and re-encrypt it. I'm sure financial networks were around before asymmetric encryption was widely known or used, but they've had a long time to do this the right way now. The fact that these networks are still vulnerable to MITM attacks is pretty shocking.

    Anyway, I don't know a whole lot about financial networks. Anyone care to fill us in?
  • by emocomputerjock ( 1099941 ) on Wednesday April 15, 2009 @11:27AM (#27586661)
    There's the expense, the lack of technological expertise, the competing standards, and worst of all - the lack of any need for them to institute a set of security standards. Only recently have institutions within the payment card industry been held accountable for lax security. The most notable incident is the infamous TJX hack, in which wireless routers with default passwords and no encryption were exploited to steal thousands of users' data. In order to square things with the end users TJX shelled out millions of dollars and promised to take things more seriously. Escalating security breaches have gotten the vendors to start instituting security standards, but it's far too little too late. They're going to have to rebuild their systems from scratch with security baked in to solve the problem.
  • Curious (Score:5, Interesting)

    by neokushan ( 932374 ) on Wednesday April 15, 2009 @11:30AM (#27586701)

    Strangely enough, about 2 weeks ago I got a call from my bank saying they had noticed some "odd" transactions on my debit card (which is a chip and pin deal).
    Very small amounts of money, somewhere between £1.40 and £1.70, had been transferred from my account to various accounts in America via this card. The strange thing was that this was a brand new card; I had to get my old card replaced just after Christmas as an unfortunate wallet incident had cracked the old one in half.
    Between January and March, I had bought nearly nothing with the card, certainly nothing out of the ordinary and until now, I was slightly perplexed as to how my card could have been compromised.
    I'm glad my bank were on the ball, I've only lost somewhere around £4, which is lucky considering I had a few hundred pounds in my account at the time.

  • Re:Wow (Score:4, Interesting)

    by A. B3ttik ( 1344591 ) on Wednesday April 15, 2009 @11:50AM (#27586943)

    Banks prefer a conservative approach, using tried and tested 18th century steam punk hardware.

    "I wasn't aware that boiling water could form allegiances."

    But you're right.

    One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits. To that I say, "Come on, this is the digital age!"

    One of the Banks I go to, the one near my college, does EVERYTHING instantaneously. You deposit money, it is now in your checking account. You can go outside to the ATM to withdraw it or go spend it at the supermarket. Pay with a debit card? It instantly deducts it from your account. Pay with the spoof "Credit Card" option? It deducts it that night.

    Many banks are indeed stuck in the bygone era of paper trails and physical filing, when much faster, more convenient digital solutions are available.

  • by Opportunist ( 166417 ) on Wednesday April 15, 2009 @11:56AM (#27587047)

    I cannot answer that without opening myself to some costly lawsuits. But there is a good reason why banks don't take security more seriously.

    Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

  • by Anonymous Coward on Wednesday April 15, 2009 @11:58AM (#27587083)

    That's not free money. ATMs cost upwards of $30k (for a Diebold Opteva) - then there is circuit cost, depreciation, loading money in the machines (which doesn't earn interest in the financial institution's overnight account), supplies, maintenance, etc. Unless you're in a high traffic or tourist area, making a couple of hundred dollars in PROFIT after all expenses on an ATM is good.

    Mostly they lose money. It's a cost-center.

    As a retail bank, if you don't allow your customers to deposit & withdraw money, you won't have much of a business.

    The alternative is paying for a bank teller's salary & training, which is probably more than $30k annually. ATMs are much cheaper than the alternative.

  • Don't enter your PIN (Score:5, Interesting)

    by Authoritative Douche ( 1255948 ) on Wednesday April 15, 2009 @12:19PM (#27587343)
    I never use the Debit Option when using my bank card in a transaction. I always choose credit for two reasons: A) When you use credit, the store pays the transaction fee, if any. I don't know if it's true anymore but last I checked, using a debit card and entering a PIN resulted in a small fee charged to the customer for the transaction. B) The purchase and fraud protections granted by Visa (even on check cards) are reduced or even disappear when you use the Debit option and enter your PIN. If you don't transmit the PIN, you don't need to worry about a MITM decrypting it.
  • Re:Wow (Score:3, Interesting)

    by pha3r0 ( 1210530 ) on Wednesday April 15, 2009 @12:56PM (#27587819)

    Pretty much. My wife works at a CU doing all their ACHs, wires and such. Some of the stories she tells about running batch scripts to download files and how they have to make sure each day to delete the old files or they will just post all of yesterday's stuff again, and my favorite: their bank actually has them use vanilla FTP to transfer check images...

    No wonder the CUs took a billion dollar+ fraud hit this year.

  • by hankwang ( 413283 ) * on Wednesday April 15, 2009 @01:01PM (#27587867) Homepage

    Shouldn't there be extra salt added at some point to the PIN before final hash is created?

    The idea of a salt is that the salt is not very secret, but makes it infeasible to construct a dictionary of hashed keys. You don't need to construct a dictionary of hashes for PIN numbers since they are only 14 bits; trying the hash function for the whole key space with the known salt takes only a fraction of a second. If you want to keep the salt secret, then it isn't really a salt anymore but rather a private encryption key and you have to design a way to securely distribute those private keys from all possible bank systems to all the ATMs over the world. There are ways to do that, but you can't really call it a salt anymore.

  • by Dr_Barnowl ( 709838 ) on Wednesday April 15, 2009 @01:04PM (#27587901)

    Most of the UK banks no longer charge for ATM services.

    Some of them started charging for using competitors' ATMs, but the resulting hoohah quickly stopped that.

    One of the few upsides to my current bank is that I can literally use any ATM in the UK to get cash, and as long as it's a bank ATM, for no charge.

    About the only ATMs that charge for transactions in the UK now are the non-bank ones that crop up in convenience stores and motorway service stations.

  • by Anonymous Coward on Wednesday April 15, 2009 @01:19PM (#27588107)

    Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

    If they operate in the USA, that line of thinking is one internal memo or whistleblower statement away from some serious Sarbanes-Oxley issues for the top executives. Given the generally low opinion financial institutions currently have, prosecutors have plenty of motivation to make high profile examples of greedy bank executives. I'm not saying it won't or doesn't happen, but this has to be the most risky time in the history of US finance to willfully use unethical accounting.

    captcha = "deterred"

  • Re:Wow (Score:3, Interesting)

    by Cbs228 ( 596164 ) on Wednesday April 15, 2009 @01:40PM (#27588321)

    Not true. Unix passwords are never decrypted.

    The parent is, of course, referring to one way hashing (crypt, MD5, SHA-1, and the like). Unix passwords were originally stored in the /etc/passwd file for all the world to see—any user could open the file and see everyone's password hashes.

    One-way hashes keep systems secure by virtue of computational complexity: an attacker must blindly try passwords (either by brute force or word list) until he finds the one that produces the correct hash. However, there are many different possible passwords. How many? If users use no more than eight letters or numbers, the total number of possible passwords is the sum from i=0 to 8 of (26+26+10)^i = 2.2192 * 10^14. Even at 10 million checks per second [openwall.info], it would take 256 days to check them all.

    Unfortunately, I've never seen a bank that allows you any more (or less) than four digit PINs, which is only 10^4 = 1000 combinations. This makes one-way hashes less than useless for encrypted PINs: Anyone who knows how to compute the hash and possesses a list of hashed PINs could easily crack PIN numbers very, very quickly.
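    The following is an added worked example, not code from the thread or from any bank system, illustrating the point hankwang and Cbs228 make above: a one-way hash of a four-digit PIN is exhausted in a fraction of a second even when the salt is known, while turning the "salt" into a secret key makes it a keyed MAC, with all the key-distribution consequences hankwang describes. The salts, PINs and key bytes are constructed sample values; SHA-256 and HMAC-SHA-256 stand in for whatever function a real system would use.

```python
import hashlib
import hmac
import secrets
import time

# The entire four-digit PIN space: 10_000 candidates (about 13.3 bits).
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]


def hash_pin(pin: str, salt: bytes) -> str:
    """Salted one-way hash of a PIN, the scheme proposed in the thread.

    The salt is assumed to be stored next to the hash, as salts normally are.
    """
    return hashlib.sha256(salt + pin.encode("ascii")).hexdigest()


def mac_pin(pin: str, key: bytes) -> str:
    """Keyed MAC of a PIN: the 'salt' has become a secret key (hankwang's point)."""
    return hmac.new(key, pin.encode("ascii"), hashlib.sha256).hexdigest()


def enumerate_pin(stored: str, salt_or_key: bytes, keyed: bool):
    """Try every four-digit PIN against one stored value.

    Returns (recovered_pin_or_None, candidates_tried). With a known salt the
    search always finishes within 10_000 hashes. With a keyed MAC and a wrong
    key guess it exhausts the space without a match, so the secrecy of the key
    is the only thing standing between the stored value and the PIN.
    """
    fn = mac_pin if keyed else hash_pin
    for tried, pin in enumerate(PIN_SPACE, start=1):
        if hmac.compare_digest(fn(pin, salt_or_key), stored):
            return pin, tried
    return None, len(PIN_SPACE)


def recover_all_hashed(records):
    """Given a leaked list of (salt, hash) pairs, map each hash to its PIN.

    Per-customer salts only stop one precomputed table from covering every
    customer; each record still costs at most 10_000 hash evaluations.
    """
    return {h: enumerate_pin(h, salt, keyed=False)[0] for salt, h in records}


def demo():
    # Constructed sample records, not real card data.
    customers = {"4271": b"salt-A", "0000": b"salt-B", "9999": b"salt-C"}
    leaked = [(salt, hash_pin(pin, salt)) for pin, salt in customers.items()]

    start = time.perf_counter()
    recovered = recover_all_hashed(leaked)
    elapsed = time.perf_counter() - start
    print(f"salted hashes: recovered {sorted(recovered.values())} in {elapsed:.3f}s")

    # Same PINs under a keyed MAC. Without the key, enumeration finds nothing;
    # with it, the MAC is exactly as weak as the hash was.
    key = secrets.token_bytes(32)
    stored = mac_pin("4271", key)
    print("keyed MAC, wrong key :", enumerate_pin(stored, b"attacker-guess", keyed=True))
    print("keyed MAC, leaked key:", enumerate_pin(stored, key, keyed=True))
    return recovered


if __name__ == "__main__":
    demo()
```

    The `demo()` output makes the thread's two conclusions concrete: every salted hash falls in well under a second, and the keyed variant only holds as long as the key is never shared with the systems that must verify the PIN, which is the distribution problem hankwang notes.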

  • Bank deposit latency (Score:3, Interesting)

    by Jay L ( 74152 ) * on Wednesday April 15, 2009 @01:52PM (#27588449) Homepage

    One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits.

    I recently saw a presentation from a Rhode Island bank. They were going to allow their business customers to install on-site check scanners, the same kind you see in the banks. One of the touted features was that these scanned deposits would be credited instantly, instead of on the next business day.

    In exchange for saving them manual labor (their tellers currently have to scan the checks), they would charge you only $75/month for having the scanner! And just think of the extra interest from that day of deposit. They genuinely believed that this was a financial technology revolution, on par with the ATM.

    (I did the math; assuming 5% APR, which nobody gets anymore, you'd have to be doing about $550,000 in daily deposits to make back the $75/month.)

  • by Anonymous Coward on Wednesday April 15, 2009 @02:22PM (#27588801)

    Apparently they forgot to mention another benefit of this system: fraud prevention. We scan any check over a certain amount (I don't know how much, I didn't write the policy). If it's a bad check, we know right away, before the merchandise walks out the door.
