Vulnerabilities / Threats
8/1/2011
10:33 AM
Connect Directly
RSS
E-Mail
50%
50%

Legacy Support Leaves Chip-And-PIN Vulnerable

Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology.

Black Hat
Vulnerabilities in the increasingly popular chip-and-PIN authentication technology used in credit cards could make it easy for attackers to steal data at the point of sale, a researcher said.

At the Black Hat USA conference, a UBM TechWeb event, in Las Vegas this week, Andrea Barisani, chief security engineer for secure design consultancy Inverse Path, will join with colleagues to show how flaws in chip-and-PIN--which is becoming a standard in Europe and Asia--can be easily exploited.

Chip-and-PIN systems are designed to support legacy transactions--including the transmission of the card's password or PIN in plain text, Barisani observed. As a result, it can be a trivial matter for an attacker to install a skimmer on a point-of-sale terminal and steal the credit card data.

Barisani says these flaws can be found in current and emerging credit card systems, including the EuroPay-Mastercard-Visa (EMV) system that is being implemented worldwide. While EMV supports three types of cards--older magnetic stripe cards, current chip cards, and more secure chip cards--skimmers can force transactions to use the least secure transaction method, he warned.

"EMV is broken," Barisani said. "In order to fix the problem, they will have to change the standard and break compatibility with older cards."

EMV currently supports three different standards: static data authentication, an upgrade from older magstripe cards; dynamic data authentication, a more secure implementation that uses an encryption key to scramble transaction information; and combined data authentication, which implements more stringent security measures.

Attackers who can attach a skimming device to the point-of-sale (POS) terminal can control the security negotiation between the terminal and the consumer's credit card, Barisani explained. In order to support the older POS technologies, credit and debit cards will transmit a user's PIN in the clear if required by the terminal. A skimmer attacked to the device can then scoop up the details of the credit card.

Tampering with point-of-sale terminals has been a popular exploit among cybercriminals for years. In May, craft-supply chain Michaels notified customers that their credit- and debit-account details may have been leaked after finding more than 70 compromised POS terminals in its stores nationwide.

The chip-and-PIN flaws could be problematic for banks, which previously blamed users when a PIN was stolen or misused, clearing themselves of liability for the theft. But if the new vulnerabilities are exploited, the source of the PIN theft--and the liability for the loss--could be in question.

Read the rest of this article on Dark Reading.

The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.