
When organized crime applies academic results: a forensic analysis of an in-card listening device

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) described a man-in-the-middle attack against EMV cards. They demonstrated the attack using a general-purpose FPGA board, noting that “miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs”. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.


Notes

  1. Whenever a command is executed by a card, the card returns two status bytes called SW1 and SW2. These bytes encode a success or a failure cause.

  2. X denotes the number of further PIN verifications remaining before lock-up.

  3. For our purposes, the issuer can be thought of as the bank.

  4. International Mobile Subscriber Identity.

  5. Permanent Account Number (partially anonymized here).

  6. Precise date removed for privacy reasons.

  7. Card Verification Value.

  8. See http://code.google.com/p/cardpeek/downloads/list.

  9. Payment System Environment.

  10. Directory Definition File.

  11. Command: 00 A4 04 00 14.

  12. Carte Bancaire.

  13. Short File Identifier.

  14. Command: 00 B2 xx 0C Le, where xx is incremented as records are being read.

  15. Command: 00 A4 04 00 07.

  16. Command: 80 A8 00 00 02 followed by a GetResponse command: 00 C0 00 00 20.

  17. Command: 00 88 00 00 04.

  18. Command: 80 CA 9F 17 04.

  19. Command: 00 20 00 80 08.

  20. Command: 80 CA 9F 36 05.

  21. Command: 80 CA 9F 13 05.

  22. These can potentially be efficient against yet unknown future forms of fraud.
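
As an added example (not code from the paper), the following Python sketch decodes the command headers quoted in notes 11 to 21 and the SW1 SW2 status bytes of notes 1 and 2, using the standard ISO 7816-4 / EMV Book 3 encodings. The function names, the record number in the READ RECORD sample and the reading of note 2 as status 63 CX are assumptions.

```python
# Added example: decode APDU headers as quoted in the notes (not the authors' code).
INS_NAMES = {0xA4: "SELECT", 0xB2: "READ RECORD", 0xA8: "GET PROCESSING OPTIONS",
             0xC0: "GET RESPONSE", 0x88: "INTERNAL AUTHENTICATE",
             0xCA: "GET DATA", 0x20: "VERIFY"}
GET_DATA_TAGS = {0x9F17: "PIN Try Counter",
                 0x9F36: "Application Transaction Counter",
                 0x9F13: "Last Online ATC Register"}
PIN_QUALIFIERS = {0x80: "plaintext PIN", 0x88: "enciphered PIN"}

def decode_header(text):
    """Decode 'CLA INS P1 P2 P3' (hex text) into (name, detail, P3 as written)."""
    parts = text.split()
    if len(parts) != 5:
        raise ValueError("expected five bytes: CLA INS P1 P2 P3")
    _cla, ins, p1, p2 = (int(b, 16) for b in parts[:4])
    name = INS_NAMES.get(ins, "INS %02X" % ins)
    detail = ""
    if ins == 0xA4 and p1 == 0x04:
        detail = "by name (DF name or AID)"
    elif ins == 0xB2 and p2 & 0x07 == 0x04:
        # P2 = SFI in the top five bits, '100' = P1 is a record number
        detail = "record %d of SFI %d" % (p1, p2 >> 3)
    elif ins == 0xCA:
        tag = (p1 << 8) | p2
        detail = GET_DATA_TAGS.get(tag, "tag %04X" % tag)
    elif ins == 0x20:
        detail = PIN_QUALIFIERS.get(p2, "qualifier %02X" % p2)
    return (name, detail, parts[4])

def decode_status(sw1, sw2):
    """Interpret the two status bytes returned after each command."""
    if (sw1, sw2) == (0x90, 0x00):
        return "success"
    if sw1 == 0x61:
        return "%d response bytes available" % sw2
    if sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        return "verification failed, %d tries left" % (sw2 & 0x0F)
    if (sw1, sw2) == (0x69, 0x83):
        return "authentication method blocked"
    return "SW %02X%02X" % (sw1, sw2)

# Headers from the notes; the READ RECORD line uses a constructed record number.
SAMPLE = ["00 A4 04 00 07", "00 B2 01 0C 00", "80 A8 00 00 02", "00 C0 00 00 20",
          "00 88 00 00 04", "80 CA 9F 17 04", "00 20 00 80 08", "80 CA 9F 36 05"]

if __name__ == "__main__":
    for header in SAMPLE:
        print(header, "->", decode_header(header))
    print("63 C2 ->", decode_status(0x63, 0xC2))
```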

References

  1. EMVCo. http://www.emvco.com/specifications.aspx

  2. EMVCo. EMV Specification (Book 1), version 4.2 (2008). http://www.emvco.com/download_agreement.aspx?id=652

  3. EMVCo. EMV Specification (Book 2), version 4.2 (2008). http://www.emvco.com/download_agreement.aspx?id=653

  4. EMVCo. EMV Specification (Book 3), version 4.2 (2008). http://www.emvco.com/download_agreement.aspx?id=654

  5. French prosecution case number 1116791060

  6. Mayes, K., Markantonakis, K., Chen, C.: Smart card platform fingerprinting. Glob. J. Adv. Card Technol., 78–82 (2006)

  7. Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: 2010 IEEE Symposium on Security and Privacy, pp. 433–446. IEEE, New York (2010)

  8. Rivest, R.L., Shamir, A.: How to reuse a “write-once” memory. Inf. Control 55(1), 1–19 (1982)

  9. Souvignet, T., Frinken, J.: Differential power analysis as a digital forensic tool. Foren. Sci. Int. 230(1), 127–136 (2013)


Author information

Corresponding author

Correspondence to Rémi Géraud.

Cite this article

Ferradi, H., Géraud, R., Naccache, D. et al. When organized crime applies academic results: a forensic analysis of an in-card listening device. J Cryptogr Eng 6, 49–59 (2016). https://doi.org/10.1007/s13389-015-0112-3

  • DOI: https://doi.org/10.1007/s13389-015-0112-3
