[ISN] Pirates Cash in on Weak Chips (encrypt!)

From: mea culpa (jerichoat_private)
Date: Fri May 22 1998 - 13:41:05 PDT


    Forwarded From: Aleph One <aleph1at_private>
       Pirates Cash In on Weak Chips
       by James Glave 
       5:03am  22.May.98.PDT
       An extensive and well-organized phone-card piracy scam that came to
       light this week in Germany has proven a multimillion dollar lesson in
       the perils of hiding sensitive data rather than encrypting it, a
       German computer security group said.
       "What I think people can learn from this is how expensive 'security by
       obscurity' can be," said Andy Mueller-Maguhn, spokesman for the Chaos
       Computer Club.
       Earlier this week, the German weekly newsmagazine Focus reported that
       scam artists from the Netherlands had flooded Germany with millions of
       illegally recharged telephone debit cards. The cards, designed for
       Deutsche Telekom payphones, use a simple EEPROM chip,
       developed by Siemens Corp., that deducts value from the card as
       minutes are used up.
       Ordinarily, once the credit balance reaches zero, the cards are thrown
       away or given to collectors. But the Dutch pirates found a way to
       bypass the simple security and recharge the cards without leaving any
       physical evidence of tampering. The pirates bought up thousands of
       spent cards in bulk from collectors, recharged them, and resold them
       cheaply to tobacco shops and other retail outlets across Germany.
       The magazine said that the German association of tobacconist
       wholesalers assesses the losses at DM60 million, or US$34 million.
       With revenues last year of close to US$38 billion, Deutsche Telekom AG
       is Europe's largest telco and the third largest carrier worldwide.
       But according to Mueller-Maguhn and other card experts, the Dutch
       piracy operation is only the latest, albeit the most widespread, scam
       against Deutsche Telekom, which has encountered security problems with
       its cards since they were introduced in the 1980s.
       A spokesperson for Deutsche Telekom handling the card piracy issue did
       not return Wired News phone calls. It is not known if the pirates are
       in custody or still at large.
       According to Markus Kuhn, a smart-card physical security expert at
       Cambridge University in the United Kingdom, the first generation of
       phone cards did not include any encryption, and were easily modified.
       "Anyone who observed, with a logic analyzer, the data traffic between
       a card and a public phone could fully understand the protocol and
       implement it on a simple microcontroller plus very little auxiliary
       logic," said Kuhn.
       Kuhn and Mueller-Maguhn said the flawed card was replaced in March
       1995 with the current model, which contains another Siemens chip, the
       SLE4433 -- commonly known as the "Eurochip." Though the Eurochip does
       contain some simple cryptography, the pirates soon heard about a bug
       hidden in the hardware that could allow the stored value to be reset.
       "[The Eurochip] has a bug in the chipmask, allowing [a cracker] to
       reload almost all the bits using a normally unused counter," said Kuhn.
       Kuhn said that he examined the flawed Eurochip under a microscope
       about six months ago, and saw what he described as "a typical
       lowest-cost cryptoalgorithm."
       Siemens declined to speak with Wired News for this story, other than
       to release a brief statement.
       "Siemens has devoted considerable resources to the development of
       leading-edge chip card technology, as well as to cutting chip
       development cycle time in an ongoing effort to identify possible
       security issues in next-generation technology," the statement said.
       Mueller-Maguhn and other sources made it clear that the Dutch pirates
       were not technically adept crackers or hackers. Rather, he said, they
       were con men who likely bought the know-how, or hired the person who
       discovered the bug, and then bought spent phone cards from collectors
       to reload them in the Netherlands.
       "Codebreaking is not an adequate description for this kind of attack,
       as it relies on simple electrical engineering errors in the chip
       layout and not on cryptanalysis," said Kuhn.
       "These people weren't hackers, they did it solely for the money,"
       added Andreas Bogk, another member of the Chaos Computer Club.
       In the meantime, there is little Deutsche Telekom can do to stop the
       scam, because cracked cards are indistinguishable from the real thing,
       and the costs of tracking the pirate cards are prohibitive. Siemens
       and Deutsche Telekom are reportedly working on a new version of the
       Eurochip, called Eurochip2.
       But Mueller-Maguhn said that he isn't holding his breath that the
       companies will get it right the third time.
       "Deutsche Telekom doesn't seem to learn about this in the chip-card
       business," he said. "They used [security by obscurity] in the first
       technique, then changed to security by obscurity in the second
       technique and now [will likely] do it the third time," Mueller-Maguhn said.
       "We'll have fun engineering the bugs in the Eurochip 2," he added.

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:17 PDT