HITB2011KUL - Chip & PIN - Protocol Analysis EMV POS

Document Title:
===============
HITB2011KUL - Chip & PIN - Protocol Analysis EMV POS


References:
===========
Download:	http://www.vulnerability-lab.com/resources/videos/399.wmv
View: 		http://www.youtube.com/watch?v=5zFlqMFWYhc



Release Date:
=============
2012-01-25


Vulnerability Laboratory ID (VL-ID):
====================================
399


Discovery Status:
=================
Published


Exploitation Technique:
=======================
Event


Severity Level:
===============
Medium


Technical Details & Description:
================================
The EMV global standard for electronic payments is widely used for inter-operation between chip equipped 
credit/debit cards, Point of Sales devices and ATMs.

Following the trail of the serious vulnerabilities published by Murdoch and Drimer’s team at Cambridge 
University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the 
context of POS usage.

We will analyze in detail EMV flaws in PIN protection and illustrate skimming prototypes that can be covertly 
used to harvest credit card information as well as PIN numbers regardless the type/configuration of the card.

Our updated research also explores in depth the design, implementation and effectiveness of tamper proof 
sensors in modern and widely used POS terminals, illustrating different techniques for bypass and physical 
compromise. As usual cool gear and videos are going to be featured in order to maximize the presentation.


Credits & Authors:
==================
Andrea Barisani
Andrea Barisani is a security researcher and consultant. His professional career began 10 years ago but all really started 
when a Commodore-64 first arrived in his home when he was 10. Now, 18 years later, Andrea is having fun with large-scale 
IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security 
training and his Open Source projects. He eventually found that system and security administration are the only effective 
way to express his need for paranoia.

Being an active member of the international Open Source and security community he’s maintainer/author of the tenshi, ftester 
projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Reponse Team.

He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open 
Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a 
security consultant for Italian firms and he’s now the co-founder and Chief Security Engineer of Inverse Path Ltd. He has 
been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about TEMPEST 
attacks, SatNav hacking, 0-days, LDAP and other pretty things.



Daniele Bianco
He began his professional career during his early years at university as system administrator and IT consultant for several 
scientific organizations. His interest for centralized management and software integration in Open Source environments has 
focused his work on design and development of suitable R&D infrastructure. One of his hobbies has always been playing with 
hardware and electronic devices.

At the time being he is the resident Hardware Hacker for international consultancy Inverse Path where his research work 
focuses on embedded systems security, electronic devices protection and tamperproofing techniques. He presented at many IT 
security events and his works have been quoted by numerous popular media.


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.vulnerability-lab.com/register
Contact:    [email protected] 	- [email protected] 	       - [email protected]
Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - news.vulnerability-lab.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact ([email protected] or [email protected]) to get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory