Paper 2015/963

When Organized Crime Applies Academic Results - A Forensic Analysis of an In-Card Listening Device

Houda Ferradi, Rémi Géraud, David Naccache, and Assia Tria

Abstract

This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. [7] described a man-in-the-middle attack against EMV cards. [7] demonstrated the attack using a general purpose FPGA board, noting that miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale (PoS) terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
EMVsmartcardsman-in-the-middle
Contact author(s)
david naccache @ ens fr
History
2015-10-06: received
Short URL
https://ia.cr/2015/963
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/963,
      author = {Houda Ferradi and Rémi Géraud and David Naccache and Assia Tria},
      title = {When Organized Crime Applies Academic Results - A Forensic Analysis of an In-Card Listening Device},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/963},
      year = {2015},
      url = {https://eprint.iacr.org/2015/963}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.