Researchers have discovered serious security vulnerabilities in a pair of protocols used by software in some point-of-sale terminals, bugs that could lead to easy theft of money from customers or retailers.
The vulnerabilities lie in two separate protocols that are used in PoS systems, mainly in Germany, but also in some other European countries. Karsten Nohl, a prominent security researcher, and two colleagues, discovered that ZVT, an older protocol, contains a weakness that enables an attacker to read data from credit and debit cards under some circumstances. In order to exploit the vulnerability, an attacker would need to have a man-in-the-middle position on the target network, which isn’t usually a terribly high barrier for experienced attackers.
The attacker also would have the ability to steal a victim’s PIN from a vulnerable terminal, thanks to the use of an easy timing attack. Having the PIN, along with the ability to read the victim’s card data from the terminal, would allow an attacker to execute fraudulent transactions.
“This mechanism is protected by a cryptographic signature (MAC). The symmetric signature key, however, is sometimes stored in Hardware Security Modules (HSMs), of which some are vulnerable to a simple timing attack, which discloses valid signatures. A signature extracted from one such HSM can be used to attack other, more secure models since the signature key is the same across many terminals, violating a base principle of security design,” the researchers from Security Research Labs wrote in an explanation of the research, which was presented at the 32C3 conference in Berlin earlier this week.
Nohl and his colleagues also discovered a problem with the ISO 8583 protocol, which is used for communications between payment terminals and payment processors. One version of this protocol, known as Poseidon, has an authentication flaw related to the way the secret key is implemented in terminals. Many terminals use the same secret key, which makes it somewhat less-than-secret. The researchers discovered that they could manipulate data on a target terminal and get access to the merchant account for that terminal.
“Therefore, after changing a single number (Terminal ID) in any one terminal, that terminal provides access to the merchant account that Terminal ID belongs to. To make matters worse, Terminal IDs are printed on every payment receipt, allowing for simple fraud. Fraudsters can, among other things, refund money, or print SIM card top-up vouchers – all at the cost of the victim merchant,” the researchers wrote.
The researchers disclosed their findings to German banks and payment processors before revealing them publicly, and said that action is needed to defend against these attacks. The most important change is to implement discrete authentication keys for every terminal, the researchers said.
Photo from Flickr stream of Alexander Cahlenstein.