New Research Revealed Flaw in Pin Verification System of EMV

A recent study by a group of researchers at ETH Zurich University has revealed severe flaws in the EVM protocol design that makes it prone to many types of attacks. Although the security for EMV has been advertised, many attacks over the years have indicated otherwise. 

EMV is the international standard protocol for smart card payments which is used by almost 9 billion users worldwide. It has derived its name from Europay, MasterCard, and Visa. The research paper, named “The EMV Standard: Break, Fix, Verify” contains a detailed analysis of the protocol and details of the attacks tested on real-world terminals. 

The proposed model has been claimed as the first that supports a fine-grained analysis of all relevant security guarantees that EMV is intended to offer. The model is used to automatically identify flaws that lead to two critical attacks: one that defrauds the cardholder and another that defrauds the merchant. The major flaw discovered is a flaw in the bypass PIN verification system for the contactless Visa cards. 

THE ATTACK

 EMV involves three parties: the consumer’s card, the merchant’s terminal, and the cardholder’s bank. The paper involved a demonstration of a practical attack that allows the attacker to make fraudulent, high-value purchases without the knowledge of the card’s PIN by the attacker. Another attack was explained that allowed the attacker to effectively steal goods by tricking terminals into accepting unauthentic offline transactions. 

In an offline contactless transaction with a visa or old Mastercard card, the card produces a cryptographic proof of the transaction, known as Application Cryptogram (AC). The card does not authenticate to the terminal the AC, and the terminal does not verify it. This enables the attacker to trick the terminal into accepting an unauthentic offline transaction. The bank can detect the wrong cryptogram, but this will happen when the acquirer submits the transaction data as part of the clearing record. By this time, it will become too late to catch the criminal that carried out the attack in the first place. 

The inception of smartphones as a standard paying method today can also be exploited for the attack. The researchers explained this using an attack model. They developed a proof of concept android application to carry out the attack. 

Two types of devices were employed for the setup- a POS (Point of Sale) emulator and a card emulator. In order to run the application, the device must have NFC support and an android version Kitkat 4.4 and older. 

The POS emulator is required to be held near the card to be attacked, and the card emulator is needed to be held near the payment terminal. These devices communicate through TCP/IP channel over wifi. 

In Visa contactless transactions, CTQ is responsible for determining the cardholder verification method to be used. The CTQ isn’t authenticated either to the bank or to the terminal. This was exploited by the researchers to implant a man-in-middle attack using the developed application.

This tells the terminal that online PIN verification is not required and that the consumer device CVM was performed. 

For the successful implementation of the attack, the attacker needs to know a compromised bank’s private key and inconspicuously control the terminal’s contact interface. 

One section of the paper also analyses the model used in a previous study by Galloway and Yunusov for the PIN bypass attack and the difference between their model and the current model. 

The presented paper uses the Tamarin tool. Researchers conducted a full scale, automatic, formal analysis of the formal mode of the latest version of the EMV that features all relevant methods for offline data authentication. 

The research gave the conclusion that Mastercard is safer than Visa. It does have some flaws, but those are difficult to exploit. The PIN is useless for Visa contactless transactions. The researchers have suggested that the liability arising on account of such malicious transactions should be either on the bank on the EVM companies. Right now, it is either on the customer or the merchant. 

To prevent the PIN bypass attack, the researchers have recommended that terminals should use Dynamic Data Authentication (DDA) for online transactions. The other fixes that were suggested by the researchers can be deployed on the terminals’ software/firmware and so they are attractive in terms of implementation because terminals’ software updates should be significantly less expensive and faster than other, more aggressive actions such as blocking cards in circulation and issuing new ones.