Tamperproof, yet playing Tetris.

Richard Clayton richard at highwayman.com
Sat Jan 6 07:30:24 EST 2007 

In article <87fyaqyrlj.fsf at snark.piermont.com>, Perry E. Metzger
<perry at piermont.com> writes

>Handheld "Chip & Pin" terminals for reading credit cards in the UK are
>required to be tamperproof to avoid the possibility of people
>suborning them. Here is a report from a group that has not merely
>tampered with such a terminal, but has (as a demo) converted it into a
>tetris game to demonstrate that they can make it do whatever they
>like.
>
>http://www.lightbluetouchpaper.org/2006/12/24/chip-pin-terminal-playing-tetris/

I think the proof-of-concept has been slightly misunderstood :(

The terminal is intended to be tamperproof in that once you have messed
with it, it can no longer communicate with the bank. As far as I know
the terminal delivers on this -- hard to say, because I bought it from
eBay "as is" with no knowledge of who had used it before or what secrets
it contained [it's legally my terminal, but that's the end of my
involvement !  all the credit goes to Saar and Steven who had all the
ideas and did all of the work]

However, if you don't want your terminal to do payments but just wish to
use it to capture PINs then it's tamper-evidence that is needed : and
that requires not only fancy seals and such, but also training for the
general public, such that they know what to look for.  Also, mayhap,
training for the merchant's staff if the merchant isn't in on the scam
and the terminal's innards have been surreptitiously replaced.

Of course you could have a bog-standard PC playing Tetris ... but it
doesn't seem terribly likely that people would type their PIN on the
keyboard; hence the subverting of a genuine device to clearly make the
point that people have no idea what is a genuine terminal attached to a
genuine credit card network. They just type and trust -- and the real
story here is that the protocols are not end to end :( and hence a man-
in-the-middle can do a great deal more than would be desirable :(

Note also that without a payment going through for the card (there's
that tamperproof property again), the credit card company's fancy
pattern recognition schemes for spotting fraud have nothing to bite
upon...

... at least until all the fraud victims complain that not only are
there <n> unauthorised charges on their bill (which are being hotly
disputed because the PIN was used so they "must" be genuine) but ALSO
that there is one tell-tale missing charge, for the site at which the
Tetris playing (well, that might be a give-away!) terminal was used.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list