How hackable are they?
NatWest has been sending out free card readers, which it requires you to have in order to do certain online banking things. Online shopping is unaffected (for the moment, though the device has currently-unused buttons...), but some stuff when you're logged into the bank needs it.
This device first asks for your card's PIN. If you key it in correctly, it continues with the rest of the authentication process. If you get it wrong three times, it locks your card.
Point 1: The device is not tied to any one card. In fact, it's not even tied to NatWest cards, apparently, and will check the PIN of any chip-and-pin card. The FAQ says: "Can I use someone else's Card-Reader, even one from another bank or building society? Yes, but of course you can only use your own bank card and PIN. We recommend you only use a Card-Reader from a source you trust."
Point 2: The device is not plugged into anything, so there is nowhere it could be reading the PIN from, other than the card currently plugged into it.
Conclusion: a hash of the PIN is stored on the card. Odds are this is not given to the reader, but rather a boolean "pass-fail function" is provided by the card, where the card checks a given PIN against its hash and returns a boolean. That's how I'd do it. If you gave out the hash, people would crack that externally, after all.
Point 3: The device pulls almost no current, and is powered from a watch battery that will last for years. From the FAQ: "Why is the Card-Reader battery operated rather than solar powered? Unfortunately, a solar panel wouldn’t give the Card-Reader enough power." and "How long will the batteries last? The batteries should normally last five to seven years [...] you can either replace the batteries (2 X CR2032) or order a new Card-Reader from us." So two watch batteries can store enough "power", and the total power of a solar panel over 5 to 7 years would be insufficient? Something doesn't add up.
Conclusion: What batteries can do that solar cells can't, is provide a high-power surge on demand. Why would an LCD/chip-reading device need a high power surge? To write to an EEPROM: the chip, both to block it, and to write the number of failed tries to it. You couldn't store the number of failed tries in the device, since you could just take the batteries out and it'd forget; or plug the card into another device and get two more free tries. Write operations would be rare: only when you got your PIN wrong. So the batteries would last a long time.
Point 4: The FAQ says: "To unlock your card, simply visit any of our cash machines. Select 'PIN Services' then the 'PIN Unlock' option."
Conclusion: NatWest cash machines contain a writer that can unlock the chips (possibly by writing a new PIN into it). No idea how this works, but I presume they prompt you for your PIN and compare it to a bank-stored version, rather than the inaccessible one on the locked card, and if it matches, then write that PIN into the card. I might be wrong - maybe the card continues to validate PIN attempts once locked, but in that case: 1) Any bank's cash machine would work, just like any of these readers work to read the PIN in the first place, and 2) it'd be really insecure.
Further conclusion: I see two potential vulnerabilities.
1: prevent the surge from hitting the chip, and you prevent it getting locked (or possibly prevent the counter from getting incremented: for security, that really has to be stored on the card). So you get infinite tries... or at least, up to 9999 of them, which is all you need.
2: odds are you can write the same "unlock" stuff to the card that the ATMs write. You'd think there'd be some kind of hash encoded by a bank's private key, that you'd also need to know... but I can't think of a way that wouldn't also work if you just generated your own keys. Of course, writing your own PIN to a card is only useful if there are devices out there that will accept a changed PIN. But both Chip&Pin and cash machines call your bank to verify - if the PIN has been changed, maybe they'd catch that at this point? That is, the process may (should) be:
- log in to local device (basic syntax checking);
- connect to remote server;
- authenticate remotely;
- give cash.
That's how *I* would do it, anyway! Never, EVER trust the clientside!
3: The downside of that is (and this has already been found and exploited) that the machine needs to send your authentication information to the bank, and to the card. And at least one of those two channels is not encrypted. The one to the card, if I remember right. [Edit: yup. But read on for why I don't see this as a vulnerability, TBH.] Even if it were, a hacker with access to the reader hardware can just clip a magstripe reader inside, and record the keypresses from the keypad. Write the magstripe to another card with a killed chip, and Bob's your fairly close relative. Once all shops require chip and pin, though, and broken chips require authentication over the phone to the bank, then this stops being a realistic threat.
Misc notes: I have two readers, and on both the menu has options for: "Contrast", "English/Polski", "Counter" (currently reads "-----" - number of times used maybe?), and "Software ver 0875.11". There are two as-yet-unused buttons, "Identify" and "Sign".
Identify provides a "SecureCode" when you key in your PIN. Looks like it's a challenge key. Doing it twice gives two different "securecode"s: "2375 0947", "2548 8055".
Respond provides a challenge-response response. You enter your PIN, then a number from the NatWest site, then it gives you a "securecode" response (6 to 8 digits).
Sign lets you provide a numeric reference code, an amount (up to nnnnnnnnn.nn) and again it gives you the 6-8 digit "securecode".
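The design the post reasons its way to (PIN check and try counter on the card, an unplugged reader that only relays a yes/no, and a bank that verifies the Identify/Respond/Sign codes with its own copy of the card key) as an added toy model in Python. This is illustrative code written for this page, not NatWest's reader firmware or any real EMV/CAP implementation: the truncated-HMAC code derivation, the field layout, the counter window on the server and every key, PIN, challenge and amount value are assumptions made up for the example.

```python
"""Toy model of a CAP-style card reader. Assumed design, not the real CAP
algorithm: codes are a truncated HMAC-SHA256 over the signed fields, and all
keys, PINs and challenges below are constructed for the example."""
import hashlib
import hmac

MAX_PIN_TRIES = 3
CODE_DIGITS = 8


class CardLocked(Exception):
    """Raised once the on-card try counter has reached zero."""


def one_time_code(key, mode, atc, challenge="", reference="", amount=""):
    """Derive an 8-digit code from the card key and the fields being signed.
    The counter (atc) is included so two Identify codes never repeat."""
    msg = "|".join([mode, str(atc), challenge, reference, amount]).encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"


class Card:
    """The chip. PIN and key never leave it; the reader only gets yes/no."""

    def __init__(self, card_id, pin, key):
        self.card_id = card_id
        self._pin = pin
        self._key = key
        self.tries_left = MAX_PIN_TRIES  # stored on-chip, so it survives a reader swap
        self.atc = 0                      # transaction counter, bumped per code

    def verify_pin(self, candidate):
        if self.tries_left == 0:
            raise CardLocked("PIN locked; unlock at the issuer's ATM")
        # Record the failed try *before* comparing: if power is cut right after
        # the answer comes back, the decrement has already been committed.
        self.tries_left -= 1
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            self.tries_left = MAX_PIN_TRIES
            return True
        return False

    def generate(self, mode, challenge="", reference="", amount=""):
        self.atc += 1
        return one_time_code(self._key, mode, self.atc, challenge, reference, amount)


class Reader:
    """The battery-powered handheld: no network, no secrets, just a keypad."""

    def __init__(self, card):
        self.card = card

    def _run(self, pin, mode, **fields):
        if not self.card.verify_pin(pin):
            return None  # the display would just say "wrong PIN"
        return self.card.generate(mode, **fields)

    def identify(self, pin):
        return self._run(pin, "IDENTIFY")

    def respond(self, pin, challenge):
        return self._run(pin, "RESPOND", challenge=challenge)

    def sign(self, pin, reference, amount):
        return self._run(pin, "SIGN", reference=reference, amount=amount)


class BankServer:
    """Holds a copy of each card's key and the last accepted counter value."""

    def __init__(self):
        self._keys = {}
        self._last_atc = {}

    def enrol(self, card_id, key):
        self._keys[card_id] = key
        self._last_atc[card_id] = 0

    def verify(self, card_id, mode, code, challenge="", reference="", amount="", window=10):
        key = self._keys[card_id]
        last = self._last_atc[card_id]
        # Accept a counter a little ahead of the last one seen (codes generated
        # but never submitted), never one at or below it: a used code is dead.
        for atc in range(last + 1, last + 1 + window):
            expected = one_time_code(key, mode, atc, challenge, reference, amount)
            if hmac.compare_digest(expected, code):
                self._last_atc[card_id] = atc
                return True
        return False


def demo():
    """Sign a payment, then check that a changed amount and a replay both fail."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    card = Card("card-1", "1234", key)
    bank = BankServer()
    bank.enrol("card-1", key)
    code = Reader(card).sign("1234", reference="9012", amount="150.00")
    accepted = bank.verify("card-1", "SIGN", code, reference="9012", amount="150.00")
    tampered = bank.verify("card-1", "SIGN", code, reference="9012", amount="1500.00")
    replayed = bank.verify("card-1", "SIGN", code, reference="9012", amount="150.00")
    return accepted, tampered, replayed
```

Two things the model makes visible that the menu options alone do not: because `tries_left` lives in `Card`, wrong PINs keyed into two different `Reader` objects still add up to one lock, and because the Sign code covers the reference and amount, the bank rejects the same code presented with a different amount or presented twice. The decrement-before-compare order in `verify_pin` is the usual defensive answer to the "stop the write from landing" worry in the post: the failed attempt is committed on the chip before the reader ever learns the result.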

The problem I have with it - and I blogged this - is that it prevents you moving cash online if you've lost your card. Which is one time I would have *urgently* needed to move money when I was travelling.
Lose card, go online, move money to TSB account, access ATM with that. Easy.
Only now, I lose my ATM card, go online, move mon.... no. Wait. I can't. I now have a bank account full of cash I can't access because I'm in a small mountain town in Malaysia with no address for them to send me a replacement.
And of course you can't opt out of using the bloody thing.