Last week, a group of researchers from Radboud University Nijmegen showed a rather interesting attack on one of the major Dutch online banking systems. For me, this came as a shock, as this particular system is potentially the most secure method of online banking available at this moment. So, why is the general approach of these card readers still very good, and why is this particular implementation insecure?

Some digital banking systems work with card readers, which use the cryptographic capabilities of a banking card to approve transactions made in the web interface. Simply put, these devices are used to create a signature over a certain piece of information. This can be seen as putting your signature on a traditional giro transfer form. Nowadays, one of the major Dutch banks provides this device with a USB cable, so that the user merely has to enter a PIN code and press the “ok”-button after assessing the transaction displayed on the screen.

What Am I Approving?
The traditional problem with card readers for online banking is that the user has no idea whatsoever what he is approving. When a banking website asks you to enter a certain number on the device supplied by the bank, you do not know what this seemingly random number represents. Thus, the user is not able to assess whether this number is going to authorise the transaction on the screen or a transfer of all his money to a shady bank account.

This number is a so-called challenge. This means that the bank gives you a freshly generated number and asks you to sign it. Only your banking card knows the secret needed to produce this signature, which makes the signature theoretically unforgeable – given that the cryptographic algorithms used are secure. This number needs to be random. Otherwise, an attacker could try to obtain a correctly signed challenge from a legitimate transaction and reuse this value for his own purposes.

By using a USB cable, the device can easily include more detailed information in the process. For example, the USB connected device mentioned above displays the number of transactions and the total amount. By including this information in the data that is signed by your banking card, there is a stronger connection between the authorisation and the transactions. For example, when you give me a signature that approves two transactions with a total amount of twenty Euro, I will not accept this as authorisation for a transaction of one thousand Euro. This is a major improvement over the traditional random numbers, where an attacker could simply change the information sent by your browser without you noticing it.

Why This Is One of the Most Secure Methods of Online Banking
As stated before, knowing what you sign is one of the most important requirements for strong security. However, this would require users to enter, besides the random challenge, the account number and amount for every single transaction, which is a major hassle and very error prone. Thus, eliminating this hassle by using a USB connection is a wonderful idea, when implemented correctly. Of course, the current implementation still only shows the number of transactions and the total amount, thereby possibly allowing attacks where these two values stay the same but other attributes change, e.g. the attacker swaps an account number for his own.

One can imagine that such a banking device can be fairly restricted in its capabilities. In the end, it only needs to be able to authorise transactions and log users in. This should make it possible to build a small trusted device with simple interactions with the user’s computer. Such simplicity should enable developers to perform strict validation and achieve a high level of security. In other words, the card reader needs to be a trusted device that keeps your PIN secret and only authorises what you intend to authorise.

So What Went Wrong?
Up to this point, the theory has shown how wonderful this USB connected card reader could potentially be. However, as practice always differs from theory, the current implementation has a large flaw.

When a user starts authorising a transaction, he first has to enter his PIN. Afterwards, in the connected mode, the user is presented with a message asking for authorisation, which requires him to click the “ok”-button. However, after clicking this button, the reader does not sign the data directly, but simply reports back to your computer that the user has clicked this button. At this point, the computer has to request the signature, which the reader happily gives. The problem lies in the fact that, regardless of whether the user has accepted this authorisation, the computer can request the device to sign its request. In practice, this makes the device flash the message that asks for approval for less than a second, without the user actually clicking “ok”.
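As an added illustration (not code from this post, nor the bank's reader firmware), the following Python model contrasts the two command flows described above: the flawed one, where the reader only reports the “ok” click back to the host and then honours any later signing request, beside a hardened one where confirmation and signing are a single on-device step over the displayed transaction count and total amount. The command names, the HMAC stand-in for the card's signature and the sample amounts are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Callable

# Constructed secret standing in for the key that only the banking card holds.
CARD_SECRET = b"constructed-card-secret"


def card_sign(data: bytes) -> str:
    """Stand-in for the card's signature (HMAC here; the real card uses its own scheme)."""
    return hmac.new(CARD_SECRET, data, hashlib.sha256).hexdigest()


def summary(n_transactions: int, total_cents: int) -> bytes:
    """What the reader displays and signs: number of transactions and total amount."""
    return f"{n_transactions} transactions, total {total_cents} cents".encode()


class FlawedReader:
    """Models the described flaw: 'ok' is merely reported to the host, and a
    later SIGN command is honoured whether or not the user ever pressed 'ok'."""

    def __init__(self, user_accepts: Callable[[bytes], bool]):
        self.user_accepts = user_accepts  # simulated user looking at the display
        self.pin_entered = False

    def command(self, cmd: str, data: bytes = b"") -> str:
        if cmd == "PIN":
            self.pin_entered = True
            return "PIN_OK"
        if cmd == "ASK_CONFIRM":  # display the summary, report the click back
            return "OK_CLICKED" if self.user_accepts(data) else "CANCELLED"
        if cmd == "SIGN" and self.pin_entered:
            return card_sign(data)  # never checks that OK_CLICKED preceded this
        return "REJECTED"


class FixedReader(FlawedReader):
    """Hardened flow: the reader alone decides to sign, and only after the user
    accepted the very data being signed; the host cannot request it separately."""

    def command(self, cmd: str, data: bytes = b"") -> str:
        if cmd == "PIN":
            self.pin_entered = True
            return "PIN_OK"
        if cmd == "AUTHORISE" and self.pin_entered:
            if self.user_accepts(data):  # confirmation and signing are one step
                return card_sign(data)
            return "CANCELLED"
        return "REJECTED"  # no separate SIGN command exists in this flow


def malicious_host(reader, shown: bytes, wanted: bytes) -> str:
    """Host malware: briefly shows the user one summary, then asks to sign another."""
    reader.command("PIN")
    reader.command("ASK_CONFIRM", shown)  # answer ignored; display only flashes
    return reader.command("SIGN", wanted)  # flawed reader signs, fixed one rejects
```

With the fixed reader, the only way to obtain a signature over the altered summary is to send it through AUTHORISE, where the user sees it on the device and can cancel.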

Will We Have Secure USB Connected Banking Card Readers?
Hopefully, future readers will not contain faults like this. It turns out that the developers intended to support larger messages, where the user clicks “ok” to see the second part. This resulted in the “ok”-button meaning both a request for more information and an authorisation, which caused ambiguity and complexity. These two factors are commonly a direct ticket to insecurity, as they were in this case. Nevertheless, the potential of USB connected card readers is still high. So, for the future, we need better connected card readers, not a fear of connected devices.
