Forwarded From: Aleph One <aleph1@nationwide.net>
http://www.wired.com/news/news/technology/story/12459.html
Pirates Cash In on Weak Chips
by James Glave
5:03am 22.May.98.PDT
An extensive and well-organized phone-card piracy scam that came to
light this week in Germany has proven a multimillion dollar lesson in
the perils of hiding sensitive data rather than encrypting it, a
German computer security group said.
"What I think people can learn from this is how expensive 'security by
obscurity' can be," said Andy Mueller-Maguhn, spokesman for the Chaos
Computer Club.
Earlier this week, the German weekly newsmagazine Focus reported that
scam artists from the Netherlands had flooded Germany with millions of
illegally recharged telephone debit cards. The cards, designed for
Deutsche Telekom payphones, use a simple EEPROM chip,
developed by Siemens Corp., that deducts value from the card as
minutes are used up.
Ordinarily, once the credit balance reaches zero, the cards are thrown
away or given to collectors. But the Dutch pirates found a way to
bypass the simple security and recharge the cards without leaving any
physical evidence of tampering. The pirates bought up thousands of
spent cards in bulk from collectors, recharged them, and resold them
cheaply to tobacco shops and other retail outlets across Germany.
The magazine said that the German association of tobacconist
wholesalers assesses the losses at DM60 million, or US$34 million.
With revenues last year of close to US$38 billion, Deutsche Telekom AG
is Europe's largest telco and the third largest carrier worldwide.
But according to Mueller-Maguhn and other card experts, the Dutch
piracy operation is only the latest, albeit the most widespread, scam
against Deutsche Telekom, which has encountered security problems with
its cards since they were introduced in the 1980s.
A spokesperson for Deutsche Telekom handling the card piracy issue did
not return Wired News phone calls. It is not known if the pirates are
in custody or still at large.
According to Markus Kuhn, a smart-card physical security expert at
Cambridge University in the United Kingdom, the first generation of
phone cards did not include any encryption and were easily modified.
"Anyone who observed, with a logic analyzer, the data traffic between
a card and a public phone could fully understand the protocol and
implement it on a simple microcontroller plus very little auxiliary
logic," said Kuhn.
Kuhn and Mueller-Maguhn said the flawed card was replaced in March
1995 with the current model, which contains another Siemens chip, the
SLE4433 -- commonly known as the "Eurochip." Though the Eurochip does
contain some simple cryptography, the pirates soon heard about a bug
hidden in the hardware that could allow the stored value to be reset.
"[The Eurochip] has a bug in the chipmask, allowing [a cracker] to
reload almost all the bits using a normally unused counter," said
Mueller-Maguhn.
Kuhn said that he examined the flawed Eurochip under a microscope
about six months ago, and saw what he described as "a typical
lowest-cost cryptoalgorithm."
Siemens declined to speak with Wired News for this story, other than
to release a brief statement.
"Siemens has devoted considerable resources to the development of
leading-edge chip card technology, as well as to cutting chip
development cycle time in an ongoing effort to identify possible
security issues in next-generation technology," the statement said.
Mueller-Maguhn and other sources made it clear that the Dutch pirates
were not technically adept crackers or hackers. Rather, he said, they
were con men who likely bought the know-how, or hired the person who
discovered the bug, and then bought spent phone cards from collectors
to reload them in the Netherlands.
"Codebreaking is not an adequate description for this kind of attack,
as it relies on simple electrical engineering errors in the chip
layout and not on cryptoanalysis," said Kuhn.
"These people weren't hackers, they did it solely for the money,"
added Andreas Bogk, another member of the Chaos Computer Club.
In the meantime, there is little Deutsche Telekom can do to stop the
scam, because cracked cards are indistinguishable from the real thing,
and the costs of tracking the pirate cards are prohibitive. Siemens
and Deutsche Telekom are reportedly working on a new version of the
Eurochip, called Eurochip2.
But Mueller-Maguhn said that he isn't holding his breath that the
companies will get it right the third time.
"Deutsche Telekom doesn't seem to learn about this in the chip-card
business," he said. "They used [security by obscurity] in the first
technique, then changed to security by obscurity in the second
technique and now [will likely] do it the third time," Mueller-Maguhn
said.
"We'll have fun engineering the bugs in the Eurochip 2," he added.
Received on Fri May 22 17:53:25 1998