[ISN] Attack Exposes ATM Vulnerabilities

From: InfoSec News (isnat_private)
Date: Mon Feb 24 2003 - 03:15:06 PST

  • Next message: InfoSec News: "[ISN] Crypto attack against SSL outlined"

    http://www.eweek.com/article2/0,3959,899796,00.asp
    
    [Also: http://cryptome.org/pacc.htm - WK]
    
    
    By Dennis Fisher
    February 21, 2003 
    
    Two Cambridge University researchers have discovered a new attack on
    the hardware security nodules employed by banks that makes it possible
    to retrieve customers' cash machine PINs in an average of 15 tries.
    
    The attack takes advantage of a weakness in the cryptographic model
    used by many HSMs to encrypt, store and retrieve PINs. The system,
    used by many ATMs, reads the customer's account number that is encoded
    on the magnetic strip of the ATM card. The software then encrypts the
    account number using a secret DES key. The ciphertext of the account
    number is then converted to hexadecimal and the first four digits of
    it are retained.
    
    Those digits are then put through a decimalization table, which
    converts them to a format that's usable on the ATM keypad. By
    manipulating the contents of this table, it's possible for an attacker
    to learn progressively more about the PIN with each guess. Using
    various schemes described in the paper, a knowledgeable attacker could
    discover as many as 7,000 PINs in a half hour, the authors say.
    
    The paper, written by Mike Bond and Piotr Zielinski, goes on to say
    that typical security countermeasures such as intrusion detection
    systems are all but useless against this attack. Many banks have
    systems in place that prevent users from trying another PIN once
    they've failed three times in a row. These failures generate alerts
    within the bank.
    
    But, as the authors point out, an internal attacker "can discover a
    PIN without raising the alarm by inserting the attack transactions
    just before genuine transactions from the customer which will reset
    the count."
    
    The researchers' paper has drawn quite a bit of attention and is now
    part of a controversial court case in the U.K. concerning so-called
    phantom withdrawals from ATMs. The case concerns a South African
    couple that claims someone used their Diners Club card to make 190
    withdrawals at ATMs all over the U.K. while they were in South Africa.  
    The card's issuer says that's not possible, because their ATM network
    is secure, and is suing the couple to recover the nearly $80,000 that
    was charged against the card. The couple has refused to pay, according
    to court documents filed in the case.
    
    As part of the defense, Bond has been asked to testify about the
    ATM-related weaknesses he and Zielinski address in their paper.  
    However, the plaintiffs, Diners Club SA Ltd., have asked for a secrecy
    order around the testimony of Bond and other security experts, saying
    that the publication of the ATM issues described in the paper would
    harm their business and open their networks up to attack.
    
    Ross Anderson, a well-known and highly regarded security expert and
    Bond's research advisor at Cambridge, wrote a letter to the judge
    handling the case, asking him to deny Diners Club's request. Anderson
    argues that Bond's and Zielinski's paper—as well as a related one he
    and Bond wrote last fall—are based on information in the public domain
    and that the order would interfere with research, teaching and, in the
    end, make worldwide banking networks less secure.
    
    "In addition to being published material, derived from open sources,
    and of crucial importance to the defendants' case, the vulnerabilities
    are likely to be crucially important in other cases brought in the
    U.K. and elsewhere over disputed ATM transactions," Anderson wrote in
    his letter. "Bond plans to incorporate much of this material into his
    Ph.D. thesis. It is spectacularly unfair for the applicant to ask you,
    in effect, to prohibit Bond from including in his thesis a scientific
    discovery that he has already published."
    
    The judge began hearing testimony in the case Thursday. No ruling has
    been made on the secrecy order.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 06:04:44 PST