Journal of Cryptographic Engineering, Volume 6, Issue 1, pp 49–59

When organized crime applies academic results: a forensic analysis of an in-card listening device

  • Houda Ferradi
  • Rémi Géraud
  • David Naccache
  • Assia Tria
Regular Paper


This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) described a man-in-the-middle attack against EMV cards. They demonstrated the attack using a general purpose FPGA board, noting that “miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs”. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.


Keywords: Forensics, Side-channel analysis, EMV, Smart cards


References

  1.
  2. EMVCo. EMV Specification (Book 1), version 4.2 (2008).
  3. EMVCo. EMV Specification (Book 2), version 4.2 (2008).
  4. EMVCo. EMV Specification (Book 3), version 4.2 (2008).
  5. French prosecution case number 1116791060
  6. Mayes, K., Markantonakis, K., Chen, C.: Smart card platform fingerprinting. Glob. J. Adv. Card Technol., 78–82 (2006)
  7. Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: 2010 IEEE Symposium on Security and Privacy, pp. 433–446. IEEE, New York (2010)
  8. Rivest, R.L., Shamir, A.: How to reuse a “write-once” memory. Inf. Control 55(1), 1–19 (1982)
  9. Souvignet, T., Frinken, J.: Differential power analysis as a digital forensic tool. Foren. Sci. Int. 230(1), 127–136 (2013)

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Houda Ferradi (1)
  • Rémi Géraud (1)
  • David Naccache (1)
  • Assia Tria (2)

  1. Computer Science Department, École normale supérieure, Paris Cedex 05, France
  2. Centre Microélectronique de Provence, CEA-TEC PACA, Gardanne, France
