Yet another EMV vulnerability has been disclosed:
EMV, also known as “Chip and PIN”, is the
leading system for card payments worldwide. It is used
throughout Europe and much of Asia, and is starting to be
introduced in North America too. Payment cards contain a
chip so they can execute an authentication protocol. This
protocol requires point-of-sale (POS) terminals or ATMs to
generate a nonce, called the unpredictable number, for each
transaction to ensure it is fresh. We have discovered two serious
problems: a widespread implementation flaw and a deeper,
more difficult to fix flaw with the EMV protocol itself. The
first flaw is that some EMV implementers have merely used
counters, timestamps or home-grown algorithms to supply this
nonce. This exposes them to a “pre-play” attack which is
indistinguishable from card cloning from the standpoint of the
logs available to the card-issuing bank, and can be carried out
even if it is impossible to clone a card physically. Card cloning
is the very type of fraud that EMV was supposed to prevent.
We describe how we detected the vulnerability, a survey
methodology we developed to chart the scope of the weakness,
evidence from ATM and terminal experiments in the field, and
our implementation of proof-of-concept attacks. We found flaws
in widely-used ATMs from the largest manufacturers.
http://www.cl.cam.ac.uk/~sjm217/pape...hipandskim.pdf
Here is a less technical article:
http://threatpost.com/researchers-fi...ation-protocol
--Wow 300 pages! (assuming default posts/page).