What type of attack is occurring when a counterfeit card reader is in use?

A replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. The added danger of replay attacks is that a hacker doesn't even need advanced skills to decrypt a message after capturing it from the network. The attack could be successful simply by resending the whole thing.

How It Works

Consider this real-world example of an attack. A staff member at a company asks for a financial transfer by sending an encrypted message to the company's financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it. Because it's an authentic message that has simply been resent, the message is already correctly encrypted and looks legitimate to the financial administrator.

In this scenario, the financial administrator is likely to respond to this new request unless he or she has a good reason to be suspicious. That response could include sending a large sum of money to the attacker's bank account.

Stopping a Replay Attack

Preventing such an attack is all about having the right method of encryption. Encrypted messages carry "keys" within them, and when they're decoded at the end of the transmission, they open the message. In a replay attack, it doesn't matter if the attacker who intercepted the original message can read or decipher the key. All he or she has to do is capture and resend the entire thing — message and key — together.

To counter this possibility, both sender and receiver should establish a completely random session key, which is a type of code that is only valid for one transaction and can't be used again.

Another preventative measure for this type of attack is using timestamps on all messages. This prevents hackers from resending messages sent longer ago than a certain length of time, thus reducing the window of opportunity for an attacker to eavesdrop, siphon off the message, and resend it.

Another method to avoid becoming a victim is to have a password for each transaction that's only used once and discarded. That ensures that even if the message is recorded and resent by an attacker, the encryption code has expired and no longer works.

• What is a Whaling Attack?
• What is a Tunneling Protocol?
• What is Encryption?
• Kaspersky Password Manager

Patch management is the strategy that dictates when new pieces of code, known as patches, are installed on existing software to improve how it operates and protect it from emerging cyber threats.

Black Hat 2012 Retail Chip and PIN devices might easily be attacked using a specially prepared chip-based credit card, according to security researchers.

Researchers from British IT security company MWR InfoSecurity demonstrated the attack at a session during the Black Hat Security Conference in Las Vegas on Wednesday. MWR purchased the smartcards used in its demo for £40.

The researchers showed how a specially prepared chip-based credit card might be used to pay for an item. The PIN Pad device produces a receipt that appears to authorise the payment that is never actually processed, thereby exposing merchants to fraud.

In a second demonstrated attack scenario, researchers showed how a specially prepared card containing malware can be used to infect a PIN entry device, installing code capable of harvesting card numbers and PINs from cards subsequently used on the compromised terminal. The attacker might be able to return later with another malicious card in order to collect harvested numbers and PINs before cleaning off the malware.

Cloned cards might subsequently be produced with counterfeit magnetic stripes. These cards might be used to withdraws funds from ATMs in countries where Chip and PIN is yet to be introduced.

MWR InfoSecurity has also identified examples of network and interface attacks, similar to those reported by German researchers SR labs on other devices recently. The Basingstoke-based firm found the flaws during its ongoing research into secure payment technologies.

A statement by MWR InfoSecurity on its research was lacking in detail and no one from the firm could be reached for additional comment at the time of going to press. However, in a radio interview, Professor Ross Anderson of Cambridge University told the BBC that the MWR has built on its earlier research into the security of PIN entry devices.

Anderson described the work as "impressive". "We had already known that you could disrupt the operation of a payment terminal by inserting a malicious programmed smartcard but what MWR has done is to develop this into an exploitable attack. It's yet another vulnerability in the Chip and PIN system."

MWR has notified the vendors involved – more than one is undertood to be affected – but is withholding names and other details because the devices concerned are currently being used at thousands of retail outlets in the UK and around the world. It is urging an industry-wide review of retail Chip and PIN entry devices.

Don't Panic

In a statement, the UK Cards Association said it was investigating the attack scenario while stressing that no attack of this type has actually been recorded.

We are currently assessing the implications of research by MWR InfoSecurity which, on the face of it, outline a possible means of attack on PIN entry devices. Those seeking to commit fraud are constantly searching for new ways to breach the security of the payments system and we take all threats very seriously.

The attack described targets point-of-sale card acceptance devices in retail outlets. It is not an attack on chip cards themselves (including contactless cards) or cash machines.

Importantly, we have no evidence of this type of attack occurring, either in the UK or anywhere else in the world where chip & PIN is in use. That said, working with partners across the industry, we are urgently identifying measures to exclude any risks.

Levels of card fraud are at their lowest since 2000. Card holders who are the innocent victims of fraud have excellent legal protection, meaning they will not suffer any financial loss as a result.

Ian Shaw, managing director of MWR InfoSecurity, said in a statement that the lack of security in Chip and PIN machines is putting millions of businesses around the globe at potential risk.

"Whilst criminal attacks are unlikely to be happening on a widespread basis currently, the vulnerabilities exist and previous patterns suggest that attacks like this are only a matter of time," Shaw said. "We test a lot of technology used in sensitive banking and retail payment environments and were surprised at how vulnerable many PIN Pads are to these kinds of attacks." ®

What type of attack is occurring when a counterfeit card reader is in use quizlet?

What can an attacker do to acquire a duplicate of another user's smart card quizlet?

Which of the following is a feature of a Fileless virus?

Which of the following attacks involves modifying the IP packet header and source address to make it look like they are coming from a trusted source?