Created a sample of the virus in order to falsification the smart cards

Posted: November 19, 2012 in IT Security News, Security Notices
Tags: ,


Smart cards falsification

The team of specialists in IT security from a  Luxembourg’s company Itrust Consulting  announced the opening of the method of falsification of smart cards.

They have created a program, as an experimental model of a possible virus, can control the reader for these smart cards. As a result, a potential attacker can take control of the Internet reader, connected to a Windows-compromised machine using the port USB.

The first step in the falsification of smart cards is to install a special driver on the infected computer. This driver provides remote access to the USB-devices via the Internet. With access to the device to read the smart card the attacker can use some proprietary software from the manufacturers of such equipment. As a result, an attacker can use a smart card of the victim, as if it were in his own computer.

Paul Rascagneres, one of the researchers, is the founder and leader of the project, on the analysis of viruses and anti-virus technologies. It was his team created a sample of the virus, providing remote access to such USB-devices. By the way, there are documented cases of falsification of a smart card carried on the local computer programming interface API from the manufacturer. However, a new development project is a development of this idea with the ability to share a USB-device authentication via the protocol TCP / IP. In fact, an attacker can remotely manage smart card reader as a local device. Analysis of experimentally confirmed attacks will be presented at the conference MalCon, which will be held on November 24 in New Delhi (India).

The attack on the smart card is a serious threat to the security of many corporate customers. These maps are used as a secure electronic identities in different fields to verify the identity of man and even to digitally sign some documents. Bank issues a number of smart cards and readers for remote access to the account. In addition, in some places the smart card used as electronic civil passport.

The project team successfully tested its prototype malware on national e-passports Belgium and smart cards Belgian banks. Theoretically, the new method should work with all types of smart cards and readers. In addition, the prototype provides tools to capture PIN codes and passwords. Fortunately, if the reader is provided with the Victim physical keyboard to enter a PIN number, the proposed attack does not work.

Among other things, the current situation is not so sad – because the proposed drivers are not digitally signed and can not be set in certain versions of Windows, requiring the driver signing, for example, 64-bit versions of Windows 7. At the same time, in a real attack can be used fake signatures in drivers. There are other potential dangers – there are certain viruses that disable the policy drivers in the 64-bit versions of Windows 7 by modifying the boot components. The only visible sign of an attack on a smart card reader – this is a blinking LED on the device, where the attacker tries to access the card.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s