Banks warned of truth behind crypto crack claims

An independent expert has backed two Cambridge University students' claims to have uncovered a flaw in a key IBM cryptographic...

An independent expert has backed two Cambridge University students' claims to have uncovered a flaw in a key IBM cryptographic coprocessor that is at the heart of some of the world's most secure systems.

IBM has been warned not to dismiss the two Cambridge University research students, who claim to have developed a system to hack bank security codes and potentially obtain thousands of PIN numbers.

IBM had said the students' method could only work in laboratory conditions and that a bank's physical security measures would prevent attack. However, Dr Nicko van Someren, chief technical officer of Ncipher - one of the world's largest suppliers of cryptographical engines to financial institutions - told "This is a significant security breach. Security managers should be worried but not panicking."

Michael Bond and Richard Clayton, working at the Cambridge University security group, targeted the high-security IBM 4758 cryptoprocessor, which is used by banks, financial institutions and governments.

Their "cracking" technique would only allow a bank insider to carry out the crime, but the vulnerability circumvents the most common bank security procedure - having "dual control" over the release of sensitive information.

IBM and the banks' attitude is that closed security is good security, Richard Clayton told

"They claim this is a not a problem because they have good physical protection, " he said. "But one of the fundamentals of banking security is that of 'dual control' and this attack could be carried out by one bad apple.

"We are not talking about the head of security or a system administrator but potentially someone with reasonable access to IT systems. This isn't a case of dreadful security - this is typical security," he added.

Cryptographical co-processors, such as the IBM 4758, are used within banking computers to keep a customer's true PIN number secret, even from employees.

The system uses a key - a complex mathematical formula - to store the data as a long number. When this key is added to the stored number, the true pin number divulged. The key is normally kept in an electronic strong box that requires at least two highly trusted members of the bank to open it.

The Cambridge pair used a weakness in an application programming interface (API) normally used to configure the IBM 4758, to generate enough data to allow a specially adapted computer to obtain the secret keys.

Despite claiming to have cracked the IBM 4758, Clayton acknowledged that it was one of the best cryptographical co-processors on the market. He went on to warn those financial institutions that said they were unaffected by the crack that they, too, could be vulnerable to the new API attack method.

"The exploit is pretty generic and we believe that it will work against many other cryptographical co-processors," said Clayton.

The researchers are working on four other cryptographical devices from different vendors and say they all exhibit potential weaknesses. They also believe they have found a similar weakness in the Visa encryption module used by the international credit company.

Bond and Clayton first informed IBM of the problem last November, and explained it again to IBM cryptographic staff at a workshop in May. However according to Clayton: "We got the impression from them that this wasn't a real threat and [have] heard nothing since."

IBM UK still insists: "The Cambridge researchers have assumed the lack of a series of standard banking industry controls to the extent that their study would be futile in any other place other than a laboratory environment.

"Nevertheless," the statement ran, "we do take all input seriously and we will be addressing their theories in due course".

Researchers at IBM's Doctor Watson labs in New York are certainly taking the potential threat seriously, and have offered the Cambridge students the loan of a full IBM 4758 unit to test for other vulnerabilities.

Independent experts such as Ncipher's van Someren have been trying to cut through the war of words.

"Despite some reports, this is doesn't mean that every cryptographical system has been breached or that the IBM 4758 is completely infective," he told "But this is a hole within a cryptographical device that was previously though to be impervious.

"This is not the type of exploit that the average man in the street could exploit and I can't see droves of bank managers suddenly rushing out to steal pin numbers."

Van Someren suggested that it could take IBM months, rather than days, to fix the problem. "The underlying IBM architecture is quite old and is not written in a modular way," he said. "Even if they can get a patch it will take some time to test it as they don't want to rush the job and create more holes than they fill."

He advised concerned security managers to speak to their IBM representatives about an update to the 4758's firmware and to look at the physical protection surrounding IBM 4758 cryptographical co-processors.

"Restricting access to these devices should be looked at until IBM can deliver a workable solution," said van Someren.

Read more on Antivirus, firewall and IDS products