Attacking with "Smart" Cards

Researcher: Rafael Dominguez Vega
Date Started: Jul 01, 2010

The use of smart cards has become part of our daily routine, when cashing money out from an ATM, accessing buildings, logging in to a computer system or shopping. Often our biggest concern is what the impact will be if we lose our smart card whether it is our credit card, building access card or logon access card. Will we lose our money or it will allow unauthorised access to computer systems or buildings. However, shouldn’t we be more concerned about whether the card itself can be used to attack the software handling the smart card input? After all, why steal one person's money or access rights when someone could steal them all.

This research looks at smart card security from a different perspective, focusing on the identification and exploitation of vulnerabilities in the software handling the smart card input, where attacks are delivered through a malicious smart card.

Project's Home
News
Advisories
Publications
Tools
Demos

MWR Labs

Attacking with "Smart" Cards