Security

Smart Cards Vulnerable to Photo-Flash Attacks?

Posted by CmdrTaco
from the now-thats-an-issue dept.
belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards." Notable because it's apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.
  • by Civil_Disobedient (261825) on Monday May 13, 2002 @10:36AM (#3509952)
    Lemme see if I understand right. Reverse engineer hardware to show its inherent ineffectualness -- that's ok. Reverse engineer software to show its inherent ineffectualness -- that's illegal.

    Ok, just making sure.
  • DMCA (Score:1, Interesting)

    by Anonymous Coward on Monday May 13, 2002 @10:37AM (#3509957)
    Isn't this circumventing a protection system? It's only a matter of time before these guys are arrested.
  • by @madeus (24818) <slashdot_24818@mac.com> on Monday May 13, 2002 @10:48AM (#3510033)
    This is a neat trick, sure but it's not a big issue.

    This could ALREADY be done by anyone with a smart card reader (which is cheaper than a camera and a microscope I might add!).

    Duh! :)

    Sensitive data on cards are stored encrypted using the reader's public key. The data on the smartcard can be sent from the reader to a centralised location (over a network, much like the way credit cards are verified in realtime just now) and then decoded and verified by a central point (or a selection of central points for redundancy).

    It's a given that the smartcard could always be read - this has been accounted for in the design of secure systems that use smart cards (well, the good ones anyway; admittedly there are quite a few which don't (there are a lot of muppets in this industry) :).

  • by proverbialcow (177020) on Monday May 13, 2002 @10:52AM (#3510053) Journal
    ...but not so easy to do without someone noticing. I mean, if you're going to have the Flash card in your possession long enough to perform the attack UNDER A MICROSCOPE, wouldn't it just be easier to yank the data with one of those smart-card reader/portable hard-drive things that ThinkGeek was advertising on here?
  • OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

    Guess what?! Criminals can read the information from a credit card using nothing more sophisticated than their eyes! Does this render credit cards an appalling security risk? No, because when it gets stolen you report it and cancel the card.

    Now, if someone figures out a way to _write_ to the smart card so people can top up sums of money or whatever, that's a problem. Also, if the smartcard stores data that's useful in itself - say your real name and address, or other bank account numbers, or what have you, then you certainly don't want that being read by someone else.
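The design principle the two posts above describe, a card that holds only data the back end can check because everything on it is assumed readable, worked through as an added example. This is illustration code written for this page, not anything from the thread, the Cambridge work or a real card scheme. The record layout, the card ids and balances are constructed sample values; the commenter describes encryption to the reader's public key, and a keyed MAC held only by the central verifier is used here as a stand-in so the example runs with the standard library alone.

```python
"""Central verification of a card-resident balance record (added example).

Everything stored on the card is treated as readable by whoever holds it.
The card therefore carries a balance plus a tag that only the central
verifier can produce or check, and a counter that lets the verifier reject a
copy of an older record. The key, ids and amounts below are constructed.
"""
import hashlib
import hmac
import json

# Secret known only to the central verifier (constructed sample value).
VERIFIER_KEY = b"constructed-verifier-key-do-not-reuse"


def _canonical(card_id, balance_cents, counter):
    """Stable byte encoding of the fields the tag covers."""
    payload = {"card_id": card_id, "balance_cents": balance_cents, "counter": counter}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_record(card_id, balance_cents, counter, key=VERIFIER_KEY):
    """Issuer side: build the record the card will store.

    The tag binds card id, balance and a monotonically increasing counter,
    so a balance edited on the card or an old record written back to it is
    detectable centrally. Nothing in the returned dict is secret.
    """
    tag = hmac.new(key, _canonical(card_id, balance_cents, counter), hashlib.sha256).hexdigest()
    return {"card_id": card_id, "balance_cents": balance_cents, "counter": counter, "tag": tag}


def verify_record(record, last_seen_counter, key=VERIFIER_KEY):
    """Verifier side: returns (ok, reason) for a record read off a card."""
    fields = tuple(record.get(k) for k in ("card_id", "balance_cents", "counter"))
    expected = hmac.new(key, _canonical(*fields), hashlib.sha256).hexdigest()
    # Constant-time comparison; a tag mismatch means the fields were altered
    # or the record was forged without the verifier's key.
    if not hmac.compare_digest(expected, str(record.get("tag", ""))):
        return False, "tag mismatch: record altered or forged"
    if fields[2] <= last_seen_counter:
        return False, "stale counter: old record replayed"
    return True, "ok"


class CentralLedger:
    """Server-side state: the highest counter accepted for each card."""

    def __init__(self, key=VERIFIER_KEY):
        self.key = key
        self.last_counter = {}

    def settle(self, record):
        card_id = str(record.get("card_id", ""))
        ok, reason = verify_record(record, self.last_counter.get(card_id, 0), self.key)
        if ok:
            self.last_counter[card_id] = record["counter"]
        return ok, reason


def demo():
    """Run the cases the thread worries about; returns which were accepted."""
    ledger = CentralLedger()
    genuine = issue_record("CARD-0001", 2500, counter=1)      # constructed card record
    tampered = dict(genuine, balance_cents=999_999)           # balance "topped up" on the card
    outcomes = {
        "genuine": ledger.settle(genuine)[0],                 # True
        "tampered_balance": ledger.settle(tampered)[0],       # False: tag no longer matches
    }
    newer = issue_record("CARD-0001", 1500, counter=2)        # re-issued after a purchase
    outcomes["newer"] = ledger.settle(newer)[0]               # True
    outcomes["replayed_old"] = ledger.settle(genuine)[0]      # False: counter 1 already used
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The counter is what turns "copy the record onto another blank card" into a detectable double use: the copy carries the same card id and counter, so once either copy is settled the other is rejected. What the scheme cannot do is keep the balance or id private, which is exactly the point the posts above make: put nothing on the card that is harmful to read, and verify centrally.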
  • by Anonymous Coward on Monday May 13, 2002 @11:07AM (#3510147)
    However, it is speculated that the card contains material
    (Following up a humorous post with facts. Oh well.)

    Correct. If you have a spare metal layer, you put that in as an unbroken power rail. Very little light will pass the higher-numbered connective layers.

    If someone tries to remove such a layer, they are looking at a daunting task, since they are also removing the power to the circuit. I am surprised they haven't taken the cost of putting in that extra layer already.

    That still leaves attacks which probe the charge stored on the floating gates of the flash memories. They are significantly more costly, though.
  • Re:Easy to do? (Score:2, Interesting)

    by jelizondo (183861) <jerry.elizondo@nOsPam.gmail.com> on Monday May 13, 2002 @11:09AM (#3510161)
    It's not easy, but if it was there would not be any money in breaking them. For criminals, the way it works is like what they do with current credit cards: some criminal outfit with the money to buy the talent and equipment needed starts producing them en masse and the neighborhood hoodlum uses them.

    Last year there was a spate of cases where waiters and other salespeople had been coerced into swiping customers' credit cards through a "special device" that reads the mag track and stores it. Then the device is handed back to a low-life who in turn delivers it to someone who in turn reads the data and produces "genuine" credit cards for use by criminals.

    It's not easy, but if there is money on doing it you can bet it will be done.

  • This is really nothing new, many microcontrollers (like those used in smartcards) are vulnerable to different attacks, clock glitches, voltage reversals/spikes which may unlock their security features. Many of them are normally readable but are 'locked' by a fuse. This fuse may be reset by removing the UV protective coating and erasing the card as an EPROM (this will of course also destroy any data you wanted to read). There are however methods of circumventing this, like using micro-film as masks for the UV eraser, or using micro-probes to directly alter the bus. Many cards do not even have real protection, like the European pay-phone cards; all they are is a serial EPROM which is burned a bit at a time for each credit, but they're fused so if you erase them (UV-wise) they will not allow you to re-program the low area of the EPROM, but don't worry, just use some other blank card and copy it onto that.
  • by hagardtroll (562208) on Monday May 13, 2002 @11:15AM (#3510192) Journal
    Don't be so sure about that. Take any dollar bill and visit the web site WheresGeorge [wheresgeorge.com] and see where it has been.
  • by nolife (233813) on Monday May 13, 2002 @12:06PM (#3510444) Homepage Journal
    This happened in the past with the padding of the cell phone industry. Analog mode cell phones send clear audio over the air in roughly the 868-890 MHz range. To protect the cell phone industry, the government passed a law [bennetlaw.com] in 1994 to prevent the sale of consumer radio scanners from receiving these frequencies. That worked for a while but many scanners were easily 'hacked' to get this region back. In 1997 the law was modified/changed to make it illegal to modify a scanner and companies had to produce scanners that were tamper proof.

    These air bands were open to public ears for decades before the cell phone industry came to life. They chose to use "plain text" audio for analog transmissions to save money with no regard for your privacy. The government stepped in to bail them out when scanning these frequencies became popular and to give the public a false sense of security so they would buy more of them and keep the cell phone industry going strong.

    It is also illegal to listen to analog cordless phones (46-49MHz/900MHz) but there is no law preventing the scanners from receiving these bands. I guess the cordless guys could not drum up enough soft money to get that through.
  • by L-One-L-One (173461) on Monday May 13, 2002 @12:54PM (#3510681)
    I wouldn't be so sure! The application you describe is very particular.

    In practice, smartcards are often used as tamperproof devices to represent a third party, such as a bank. In France, for example, the credit card smart cards carry the bank's private key (for a Guillou-Quisquater RSA variant) as well as some additional secret information.
    This information is not available to any reader but is used internally for cryptographic computations.
