Researcher Seizes Control of Smartcard via Proof-of-Concept Malware

Bogdan BOTEZATU

November 20, 2012

As adoption of smartcards as authentication mechanisms ramps up, so does cyber-crook interest in them. Paul Rascagneres, an IT security consultant at security auditing firm Itrust Consulting, has revealed a proof-of-concept application that can hijack the local, USB-mounted smartcard reader and virtually connect it over the Internet to the attacker's computer.

Smartcards are primarily used for authentication, as they replace the “sniffable” password with a piece of plastic and a chip. The size and shape of a credit card, smartcards can be used in specialized equipment, but smartcard readers are only shipped in mid-range and top-tier business notebooks, and other interested users have to purchase a reader and attach it via USB.

“I did not test the proof of concept on all providers, but as the malware shares the USB device in raw, we do not target any specific smartcard,” Rascagneres said in a quote for SC Magazine.

Since smartcards are used to store banking authentication data, to sign documents or even to substitute for an ID document (as in Belgium), it is easy to anticipate the interest in seizing control of them. What Rascagneres tried to accomplish was to remotely connect the victim's USB reader to his computer over the Internet.

Since most smartcards also require a PIN or a password as a secondary authentication factor, the same malware application comes equipped with a keylogger component that logs keystrokes in real time.

The full demonstration of the attack, as well as additional details, will be provided on November 24 at the MalCon security conference in New Delhi, India.
