What's in your pocket? (BSides Manchester)

Transcript

1. what’s in your pocket? Henri Watson

2. $ whoami • Software Engineering Intern at Judo Payments •

   Second year student at Abertay University (HackSoc Secretary + Securi-Tay 2017 Organiser) • Lived in the Dominican Republic for 13 years • I dig • Payments technologies • Security UX • Embedded devices • Public transportation

3. Smartcards are often used as replacements for magnetic stripe cards

4. They rapidly grew in popularity as a result of their

   trusted and secure nature

5. Take a look at your wallet • GPG card •

   Bank card • Laundry card • Transit card • Identity documents • Hotel/office key • Student card • Single Sign On card

6. Take a look at your appliances • Satellite decoder cards

   • SIM cards • Gas/electricity top-up card

7. We are surrounded by smartcards

8. …but perhaps we haven’t stopped to consider their security implications

9. …or the data held on them

10. We directly interact with the data held on magnetic stripe

    cards http://samy.pl/magspoof/iron-oxide-short-low.gif

11. Directly interacting with a smartcard’s EEPROM is impractical

12. http://people.cs.uchicago.edu/~dinoj/smartcard/security.html

13. Realistically, there is no “data” on the smartcard that can

    be cloned

14. We’re not interested in a smartcard’s data, instead we care

    about its responses to commands.

15. We have to speak with the smartcard to inspect its

    contents

16. or

17. Contact cards are defined by ISO/IEC 7816

18. Contactless cards are defined by ISO/IEC 14443

19. Contactless cards are defined by ISO/IEC 14443 (Uses ISO/IEC 7816’s

    T=1 protocol)

20. Contactless cards are defined by ISO/IEC 14443 (Uses ISO/IEC 7816’s

    T=1 protocol) (so it’s sorta the same, but more interference)

21. https://commons.wikimedia.org/wiki/File:Australia_Bank_Paypass_Card.png

22. Smartcards are varyingly clever ASICs

23. Many run JavaCard, a stripped down Java Virtual Machine

24. None

25. Others are more purpose-built ASICs

26. Let’s ask a smartcard to do something

27. Card Reader

28. Card Reader

29. Card Reader 3B 88 80 01 E1 F3 5E 11

    77 83 B7 00 17

30. 3B 88 80 01 E1 F3 5E 11 77 83

    B7 00 17 https://smartcard-atr.appspot.com/

31. 3B 88 80 01 E1 F3 5E 11 77 83

    B7 00 17 (UK Biometric Residence Permit)

32. 3B 88 80 01 00 00 00 00 80 81

    71 00 79 Apple Pay 3B 81 80 01 80 Oyster Card / MIFARE DESFire 3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 02 00 00 00 00 69 Scottish National Entitlement Card / MIFARE Classic 4k 3B 89 80 01 66 52 57 45 32 50 52 4F 4D 1C Glasgow Subway Card / ITSO

33. Card Reader

34. Card Reader

35. except not really

36. Card Reader

37. Card Reader

38. ¯\_(ツ)_/¯

39. but let’s assume you have a handshake

40. …then it’s up to the application

41. Applications usually implement a handful of standard commands • READ

    BINARY • WRITE BINARY • UPDATE BINARY • ERASE BINARY • READ RECORD • WRITE RECORD • APPEND RECORD • UPDATE RECORD • GET DATA • PUT DATA • SELECT FILE • VERIFY

42. These commands are specified by Global Platform

43. …but it’s cool to ignore them

44. Talking with a random card is a headache

45. but let’s assume you also know what commands the card

    supports

46. As a simple example, let’s look at basic GSM authentication

47. Phone Cell tower Ki: ABCDEFGHIJKLMNO

48. SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

49. SIM Card Phone Remaining PINs: 2 Ki: ABCDEFGHIJKLMNO

50. SIM Card Phone Remaining PINs: 2 Ki: ABCDEFGHIJKLMNO

51. SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

52. SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

53. SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

54. Phone Cell tower Ki: ABCDEFGHIJKLMNO

55. In this example, the SIM card demonstrates two access control

    methods

56. The SIM card protects the PIN and the Ki

57. As the SIM card performs cryptographic operations on-board, the Ki

    isn’t exposed

58. …unless you brute-force it

59. SIM Card Reader Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html

60. We also have smartcards in our bank cards

61. EMV attempts to provide a secure payments environment in an

    assumed hostile environment.

62. Multiple applications per card are used in the United States

    to allow debit cards to be run in stores over the credit network or the debit network. * Supporting this is legally required as a result of the Durbin Amendment

63. Smartcards are also used for more generic data storage

64. Some of these are MIFARE Ultralight cards

65. Mostly publicly readable, basic access control settings

66. None
67. None

68. Many of these are MIFARE Classic cards

69. Card Reader

70. None

71. Some people store data on these cards

72. …but this is all safe because you need encryption keys

    to read and write

73. https://eprint.iacr.org/2009/137

74. None

75. Not everyone uses MIFARE Classic though

76. NXP touts MIFARE DESFire as being safer

77. DESFire cleanly supports multiple applications and has a stronger ACS

78. https://codebutler.github.io/farebot/

79. http://www.proxmark.org/files/Documents/13.56%20MHz%20- %20MIFARE%20DESFire/Cloning_Cryptographic_RFID_Cards_for_25USD-WISSEC_2010.pdf

80. None

81. https://www.itso.org.uk/wp-content/uploads/2012/07/ISAM_small.jpg

82. https://www.itso.org.uk/wp-content/uploads/2014/11/ITSO-Application-layers.jpg

83. None

84. …but there are other applications

85. …but there are other applications …like passports

86. Passports have sensitive data that must be protected

87. None

88. Passport Reader

89. This is all numeric data

90. This is all numeric data …that we can bruteforce

91. http://hgi.ruhr-uni-bochum.de/media/crypto/veroeffentlichungen/2011/01/29/ epasscrack_otm07.pdf

92. so basically

93. It’s impractical to attack the smartcard itself

94. Instead, attacks rely on broken crypto or side channel leaks

95. Cards run very small and heavily optimised applications

96. There’s a lot of software that allows you to interact

    with known smartcards

97. You can build your own smartcards too

98. https://simhacks.github.io/defcon-21/

99. There are tiny computers in all of our pockets

100. Say hello to them

101. Say hello to them maybe they’ll say hi back

102. Thanks! @henriwatson [email protected] https://henriwatson.com/talks/yourpocket