PIN code easier to find out

Cees Binkhorst cees at BINKHORST.XS4ALL.NL
Mon Feb 24 18:33:25 CET 2003


REPLY TO: D66 at nic.surfnet.nl

Mark Koek <mark at koek.net> wrote:
> Cees Binkhorst wrote:
> > It is definitely not stored on the magnetic stripe!
> > After all, that can be read with an inexpensive and readily
> > available device.
>
> You are both somewhat right: there is a PIN on your card, but it is
> an 'offset' (difference) from the real PIN.
>
> The ATM first adds the PIN stored on the magnetic stripe to the PIN that was
> entered. The result must be the "real" PIN.
>
> That way you can change your PIN yourself, without needing the bank.
That is possible at _some_ banks. Not at all of them (Rabo = not).

Incidentally, this has been written about before (Michael Bond is
mentioned in the article below, and Mike Bond is one of the two
authors of this month's Technical Report in which the method is
described):
http://www.vnunet.com/News/1126764

Students hack for PIN money 9-11-2001
[snip]
Security firm @stake said that many high street banks could only be
vulnerable to an inside attack because the researchers admitted that
the technique required around 20 minutes of uninterrupted access to
the device. However, this still leaves data vulnerable to internal
corruption.

A case in point is Graham Browne, former head of the encryption unit
at Barclays, who was yesterday acquitted of attempting to extort £25m
from the bank after threatening to expose confidential security
information.

The research carried out by computing students Michael Bond and
Richard Clayton revealed that, although the IBM 4758 is an extremely
secure cryptographic co-processor, it is possible by "a mixture of
sleight of hand and raw processing power" to persuade the device to
export all its DES and 3DES encryption keys.

"The attack can only be performed by an insider with physical access
to the cryptographic co-processor, but they can act alone," the
students said.

They emphasised that the most likely source of attack would be from
a corrupt high level employee, as a "standard off-the-shelf $995 FPGA
evaluation board from Altera" is needed to brute force the encryption
scheme.

However, using such a device is "a reasonably straightforward task
that does not require specialist hardware design knowledge and, since
the board is pre-built and comes with all the necessary connectors
and tools, it is entirely suitable for amateur use", they said.

But industry experts have hit back at the claims. "You would have to
be in a position to launch that attack and a lot of these systems
won't have direct connections to the internet," said Mark Read,
network security analyst at MIS Corporate Defence Solutions,
highlighting the fact that an outsider attack is very unlikely.

IBM also claims the hack can only be done under strict laboratory
conditions and is not possible in real bank systems. "Normal bank
practice and procedure would prevent any possibility of launching
such an attack," said a spokeswoman.

"This academic study is based on specific laboratory conditions. In
the real world there are too many physical safeguards and authority
protections for such an attack to be successful," she added.

But Bond and Clayton maintain that, until IBM fixes the Common
Cryptographic Architecture software, "banks are vulnerable to a
dishonest branch manager whose teenager has $995 and a few hours to
spend in duplicating our work".

Regards,

Cees
>
>
> Mark
>
> **********
> This message was sent via the informal D66 discussion list (D66 at nic.surfnet.nl).
> To subscribe: send an email to LISTSERV at nic.surfnet.nl with only the following in the body: SUBSCRIBE D66
> To unsubscribe: send an email to LISTSERV at nic.surfnet.nl with only the following in the body: SIGNOFF D66
> The online archive can be found at: http://listserv.surfnet.nl/archives/d66.html
> **********
>
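
The offset check described in the quoted reply above, as an added example that is not part of the original thread and is not any bank's actual code. It assumes digit-wise modulo-10 arithmetic and a "real" PIN derived from the account number under a bank-held key, with HMAC-SHA256 standing in for the bank's cipher; the key, account number and PINs are constructed.

```python
import hashlib
import hmac

PIN_LEN = 4  # assumed PIN length


def reference_pin(bank_key: bytes, account: str) -> str:
    """The bank-side "real" PIN: derived from the account number under a secret key.

    HMAC-SHA256 stands in for the bank's cipher, and byte % 10 is a toy
    decimalisation; both are assumptions of this example.
    """
    digest = hmac.new(bank_key, account.encode(), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in digest[:PIN_LEN])


def _combine(a: str, b: str, sign: int) -> str:
    # Digit-wise arithmetic modulo 10, no carry between positions.
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))


def make_offset(bank_key: bytes, account: str, chosen_pin: str) -> str:
    """Value written to the stripe so that chosen_pin + offset == reference PIN."""
    return _combine(reference_pin(bank_key, account), chosen_pin, -1)


def verify(bank_key: bytes, account: str, stripe_offset: str, entered: str) -> bool:
    """Add the stripe offset to the entered PIN and compare with the reference PIN."""
    for value in (stripe_offset, entered):
        if len(value) != PIN_LEN or not (value.isascii() and value.isdigit()):
            return False
    candidate = _combine(entered, stripe_offset, +1)
    return hmac.compare_digest(candidate, reference_pin(bank_key, account))


if __name__ == "__main__":
    key, account = b"constructed-demo-key", "0123456789"  # constructed values
    old = make_offset(key, account, "4821")
    new = make_offset(key, account, "9075")  # PIN change: only the offset changes
    print("offsets on stripe:", old, new)
    print("old PIN, old offset:", verify(key, account, old, "4821"))
    print("old PIN, new offset:", verify(key, account, new, "4821"))
    print("new PIN, new offset:", verify(key, account, new, "9075"))
```

In this model a stripe reader yields only the offset; without the bank-held key the reference PIN cannot be computed, so the offset alone does not give the customer's PIN.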



