French researchers claim fraudsters stole $680,000 via MitM attack on EMV cards

French researchers have solved a four-year-old case in which fraudsters stole nearly $680,000 through a man-in-the-middle (MitM) attack on Europay, MasterCard and Visa (EMV) cards. The attack is designed to prevent the PIN verification message from reaching the card in the second phase of the transaction. EMV cards, also known as chip-and-PIN cards, are regarded as more secure than the magnetic stripe technology that the country’s banks have been using.

However, the researchers said that such attacks were no longer possible because of the invention of a new authentication mode dubbed “Combined Data Authentication” or CDA, and a series of network-level protections.

According to an October 20 blog post by Security Week, researchers at the University of Cambridge in the United Kingdom discovered in 2010 a flaw that allowed criminals to use stolen chip-and-PIN cards without knowing their PIN.

At the time, the researchers noted that it would not be difficult for criminals to miniaturize the MitM device that needed to be attached to the card.

The following year, however, a French banking group learned that a dozen EMV cards stolen in France had been used in Belgium. Since conducting fraudulent transactions using EMV cards should have been impossible, an investigation was launched.

“Comparing the time and geographical location of the fraudulent transactions to the International Mobile Subscriber Identity (IMSI) numbers of SIM cards present near the crime scenes led investigators to a 25-year-old woman. Authorities later arrested other members of the gang, including the engineer who created the fake chip-and-PIN cards,” the blog post added.

Roughly €600,000 ($680,000) is said to have been stolen in 7,000 transactions using 40 modified cards.

In their published research paper, the French researchers described it as the most sophisticated smart card fraud encountered to date. To conduct the attack, the crooks used two chips placed on top of each other.

“The first chip was clipped from a genuine stolen card, while the second, which acted as the MitM device tasked with ensuring that the card would accept the PIN regardless of the PIN that was entered, was a FUN card, an open card used by hobbyists and for prototypes,” the post added.