Smart Cards Vulnerable to Photo-Flash Attacks? 217
belphegor writes "Researchers at the University of Cambridge have
found a way to use a camera flash and microscope to extract data from smart cards. " Notable because its apparently relatively
simple to do and really throws a monkey wrench into a variety of businesses
that use smart cards to store important data.
They should have used the iButton (Score:4, Informative)
Here's the link. [ibutton.com]
Re:They should have used the iButton (Score:2)
Re:They should have used the iButton (Score:1)
Re:They should have used the iButton (Score:4, Informative)
Re:They should have used the iButton (Score:5, Funny)
Re:They should have used the iButton (Score:5, Funny)
I tried building that. I'm 70% of the way there.
Re:They should have used the iButton (Score:2)
So far we've determined it's somewhat more difficult to simply open an iButton.
How do we get at the data?
smartcards have always been lacking (Score:5, Informative)
except... dallas semiconductor long ago created the ibutton [ibutton.com] that is more secure and better than any smartcard..
(I know I sound like a broken record, but ibuttons are way better and cooler than any smartcard, and you as a home hacker can use them!)
Re:smartcards have always been lacking (Score:1)
Re:smartcards have always been lacking (Score:1)
The men in the Black Helicopters can't track you as easy.
Re:smartcards have always been lacking (Score:2, Interesting)
Re:smartcards have always been lacking (Score:2)
They suplement this by using facial recognition AI software. This was one of the first products of the AI revolution, but unfortunately in order to keep this secret for government use they've had to supress almost all research in these areas. We really could have had human-level AI by now if it hadn't been appropriated by the NSA.
Of course, this is just a spoof of a paranoid rant... right?
Re:smartcards have always been lacking (Score:5, Interesting)
Guess what?! Criminals can read the information from a credit card using nothing more sophisticated than their eyes! Does this render credit cards an appalling security risk? No, because when it gets stolen you report it and cancel the card.
Now, if someone figures out a way to _write_ to the smart card to people can top up sums of money or whatever, that's a problem. Also, if the smartcard stores data that's useful in itself - say your real naem and address, or other bank account numbers, or what have you, then you certainly don't want that being read by someone else.
Re:smartcards have always been lacking (Score:1, Informative)
Like a private RSA key and certificate. There are many companies that use that for authentication and encryption. The Navy's CAC card for example. Every people in the Navy will have one. You wouldn't want someone to be able to steal your private key off of your card.
Re:smartcards have always been lacking (Score:2)
I'm sure they are going to take notice of this technology, if they haven't already, because I am certain there are people on the other side that will be cracking open DTV smart cards to use this method very soon...
Re:smartcards have always been lacking (Score:3, Informative)
And herein lies the problem. Smart cards don't only store "dumb information". In particular, from the article (which I assume you read?):
In particular, here in the Netherlands (and I believe elsewhere in Europe), you can get online access to your account (with most banks) by using your ATM card. This is accomplished since each ATM card has a smart card on the card. If you can get the secret key out of the card, then you can login to someone elses banking site. No you can't do this with the card alone, since you need to know the cards PIN to access the smart card functionality.
Re:smartcards have always been lacking (Score:2)
Re:smartcards have always been lacking (Score:2)
It's just a blob of data.
Each institution (hopefully) has the said data encrypted and has some tamper checking on it.
Re:smartcards have always been lacking (Score:2)
Then you don't understand the problem. In many cases they don't care of you steal a hundred smart cards. That gets you a few thousand phone minutes or one month of free cable for a hundred people. The cards run out of minutes or expire at the end of the month and you have nothing. Petty theft.
The problem is that the smart cards contain an encryption key. The key unlocks the entire systems. It grants an unlimited number of people unlimited access to phonecalls/cable-service, or whatever. In other words w3 0wn j00 !
-
Re:smartcards have always been lacking (Score:3, Interesting)
Re:smartcards have always been lacking (Score:2)
Kristian
Re:smartcards have always been lacking (Score:2, Informative)
Its named "Akbil" (Smart Ticket), in demos they showed huge cars&stuff driven over them, nothing happened.
Oh btw, to remind how widely they are used they are, its like 80% iButton vs 20% regular tickets.
Re:smartcards have always been lacking (Score:2)
Any ideas on how to get started with this??
Shouldn't they be arrested? (Score:2, Funny)
SMILE!! (Score:2, Funny)
No worries, we'll just pass more laws... (Score:5, Insightful)
Remember, when a security technology is comprimised you don't improve the technology, you outlaw anything that exposes its weakness.
I hope that this is a joke (Score:2, Insightful)
Re:I hope that this is a joke (Score:2)
If Congress constained themselves to measures that were actually designed to _be_ useful rather than _sound_ useful they'd have a lot more time for sex scandals.
Sounds like a win-win situation for everyone but the interns.
Obligatory M$ Zinger Here (Score:1)
Well, that's one way to get rid of Windows...
Re:No worries, we'll just pass more laws... (Score:5, Interesting)
These air bands were open to public ears for decades before the cell phone industry came to life. They chose to use "plain text" audio for analog transmissions to save money with no regard for your privacy. The government stepped in to bail them out when scanning these frequencies became popular and to give the public a false sense of security so they would buy more of them and keep the cell phone industry going strong.
It is also illegal to listen to analog cordless phones (46-49MHz/900MHz) but there is no law preventing the scanners from receiving these bands. I guess the cordless guys could not drum up enough soft money to get that through.
How they did it (Score:2, Redundant)
It's not prostitution if your karma is 50.
Re:How they did it (Score:1)
It's called a freebie.
Trust us, OUR cards ARE smart... (Score:3, Funny)
However, it is speculated that the card contains material that can obscure the flash, literally achieving "security through obscurity."
Re:Trust us, OUR cards ARE smart... (Score:1, Interesting)
(Following up a humorous post with facts. Oh well.)
Correct. If you have a spare metal layer, you put that in as an unbroken power rail. Very little light will pass the higher-numbered connective layers.
If someone tries to remove such a layer, they are looking at a daunting task, since they are also removing the power to the circuit. I am surprised they haven't taken the cost of putting in that extra layer already.
That still leaves attacks which probe the charge stored on the floating gates of the flash memories. They are significantly more costly, though.
Re: Trust us, OUR cards ARE smart... (Score:2)
Or "confusion via occlusion?"
Or "protection by misdirection?"
Now I just got to figure out (Score:1)
Re:Now I just got to figure out (Score:2)
Re:Now I just got to figure out (Score:1)
I don't really know dick about smart cards, but common sense would tell you that any card system for laundry would keep track of the monetary value on the card itself.
I'd be interested to know how the system works if it doesn't.
Re:Now I just got to figure out (Score:2)
Re:Now I just got to figure out (Score:2)
You may want to read up on EMV [visa.com]. It is a cooperative initiative between Visa, Mastercard and Europay, and is set to roll out (region dependant) by 2005. Credit cards will be phased out soon after (by the aforementioned companies refusing to accept liability to fraud on non-EMV transactions).
EMV provides for online and offline transaction approval, mostly based on the size of the transaction and the running size of offline transactions since the last online one.
Re:Now I just got to figure out (Score:2, Funny)
Re:Now I just got to figure out (Score:2)
Not very shocking news. Really. (Score:2)
On the one hand it means no equipment may be trusted since it comes to customer's hands. On the second, I see no problem if I can rip the data which belongs to me (I know, it's generally not the case when it comes to SC). Smart Cards always have been security by obscurity for me. This lesson the industry never learns, I'm afraid.
Re:Not very shocking news. Really. (Score:2)
So let me get this straight, (Score:5, Interesting)
Ok, just making sure.
Re:So let me get this straight, (Score:1)
Easy solution: Nanotubes (Score:4, Funny)
Re:Easy solution: Nanotubes (Score:2)
Not only was it funny, it was hystrerical!
it is insightfull or interesting. The suggestion is a serious one and there is a good chance that it would work.
*Maybe* but I really doubt it. For starters the nanotubes only explode in an oxygen atmosphere.
The real problem is that what you are doing is kind of like building a tank and every time one gets blown up you add 1 square inch of armor at the spot that got hit.
I'd wager it wouldn't be very hard to modify the flash-bulb technique to avoid triggering the nanotubes. I bet filtering the light wavelengths would do the trick.
-
DMCA (Score:1, Interesting)
At least they need to steal them first (Score:2, Insightful)
They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.
With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.
Could they make the cards so that removing the coating destroyed the chip?
Easy to do? (Score:4, Informative)
Re:Easy to do? (Score:2, Interesting)
Last year there was a spat of cases where waiters and other salespeople had been coerced into swiping customer's credit cards through a "special device" that reads the mag track and stores it. Then the device is handled back to low-life who in turns delivers it to someone who in turn reads the data and produces "genuine" credit cards for use by criminals.
It's not easy, but if there is money on doing it you can bet it will be done.
I read about that too (Score:2)
Re:Easy to do? (Score:2)
Re:Easy to do? (Score:2, Informative)
That's what they're calling it these days, eh? (Score:3, Funny)
-Sou|cuttr
Re:Easy to do? (Score:2, Funny)
Re:Easy to do? (Score:2)
I know you're just trying to be funny, but for the benefit of the 14 year olds out there, there's more than one kind of criminal. Some kinds of criminals are not willing to do some things. Most criminals even have morals and justify thier crimes in their own heads and are not willing to do other kinds of crime. I think it's probably mucheasier for a criminal to convince himself/herself that credit card fraud is okay vs. breaking and entering being okay. I wouldn't be surprised if many /.
People who steal satelite TV are criminals. Why don't theyjust go out and mug people for the satelite TV money instead? It's a question of morals. 99% of criminals have them.
Re:Easy to do? (Score:2)
don't write the PIN on the back of your smart card (Score:3, Insightful)
(quoting from the linked article)
"The Pentagon (news - web sites) has armed soldiers with smart cards for online identity and physical access...Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed. Typically, after the card holder authenticates the card by supplying a pin number, the private key will then be used to encrypt any sort of transaction using the card."
Wow, wonder what mag power you need for the scope (Score:2)
Seriously though, this works well for unlocking locked out cards, and reading the rom... but for other info that may be in a rom not directly accessible to the 8051 mcu, this isn't very valuable. Also, some of the nicest info, might not even be in a rom, but weaved into a crypto asic.
Still, if you can alter the value of a register with the microscope... could you actually read out by hand the values stored in a masked rom? Or reverse engineer an asic?
This could kick some serious ass.
Re:Wow, wonder what mag power you need for the sco (Score:1)
Re:Wow, wonder what mag power you need for the sco (Score:2)
It would be like them, to have the tools to throw things wide open (and become modestly rich doing so) but hesitate because they are too short-sighted and want to continue with their status quo. They steal from DirecTV, and steal from the consumers too. My god, with average viewing habits, it costs as much or more to pirate the signal, than it does to just subscribe. And there is no hassle when an ECM strikes, either... how much is that worth?
Hypothetically though, let's say some guy uses this technique to grab that crypto key. That guy buys a $250 FPGA-PCI prototyping card. He loads pitou on the machine, to emulate most of the access card... and a crypto core from opencores.org onto the FPGA to emulate the asic. Boom. instead of driving 1-3 recievers off of a legit 3.5mhz asic, you'd have an FPGA running at 100mhz. No access card even necessary... and FPGA cards have legitimate uses besides pirating DirecTV.
God, I love being a hardware hacker. Even a no-good bum talentless hardware hacker, is better than not being one at all.
Re:Wow, wonder what mag power you need for the sco (Score:2)
Yes, I agree that interpreting signals beamed onto your property is nothing evil or or thieving. Make no mistakes though, the law isn't on your side (not even in Canada anymore). What is even worse, apparently DirecTV has the technology to aim where they send this signal. I'm not sure how finegrained it is (doubtful that it can send to your neighbor subscriber, but not to you), but they no doubt improve it slowly just so the burden isn't placed on them. Much easier to buy laws.
Dealers though? Dealers ARE stealing. If anyone has the right to sell this signal, and I'm not sure anyone does have it, it most certainly is DirecTV's right, and theirs alone. Dealers aren't selling things at a modest price, so that they can make a living, or anything like that, they are profiteering. No excuses or justifications are possible. The very thing they are selling, is watered down, so they can continue to sell it longer, and jack up prices. That's why I would love to see some asic emulation VHDL show up anonymously on the web. Would destroy their access card black market, would make the supply for all practical purposes unlimited and just totally screw everything over.
Yet another reminder... (Score:1)
Also... (Score:1)
Like father like son (Score:1)
This wasn't mentioned in the article, but apparently young Skorobogatov discovered the smart-card vulnerability during the bright flashes of his dad's exploives tests at the tender age of six.
Re:Like father like son (Score:1)
Gee, that wasn't nearly as funny as I thought it would be...
This is not a problem! (duh!) (Score:2, Interesting)
This could ALREADY be done by anyone with a smart card reader already (which is cheaper than a camera and a microscope I might add!).
Duh!
Sensitive data on cards are stored encrypted using the readers public key. The data on the smartcard can be sent from the reader to a centralised location (over a network, much like the way credit cards are verified in realtime just now) and then decoded and verified by a central point (or a selction of central points for redundancy).
It's a given that the smartcard could always be read - this has been accounted for in design of secure systems that use smart cards (we'll the good ones anyway, addmittedly there are quite few which don't (there are a lot of muppets in this industry)
Re:This is not a problem! (duh!) (Score:1)
Basically in a 'real' smart card, you access the data through the microprocessor, not directly. The encryption is performed on the card itself, not the host, increasing security (at least until now I suppose.)
Re:This is not a problem! (duh!) (Score:1)
Take the cards used for sat TV, you send it encrypted data and get the decrypted version back. The decryption key(s) is/are on the card and can't easily be read.
Re: Explanation (Score:2)
Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say a Sky TV card), but having that data itself also be encrypted against a public key and verifed by the device reading *as well* (which would be appropriate for something like say a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS]
By way of illustration:
*insert smart card in door pass*
Smart card: Hi, gimme some data I can use to authenticate you.
Reader: Here you are.
*Smart card churns over*
Smart card: Okay, here's some authentication data based on the input you gave me.
Reader: Cheers, let me check that data by decrypting it against my private key.
*Reader sends data to server*
*Server decrypts key, compares contents (a passphrase) against a stored hash of the users passphrase.*
Server: Yep, authenticates okay.
*Door opens*
This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.
If the card supported writing data to, you could give it a key based on a onetime pad after authenticating them too, which would be really secure (meaing the card would have be used before it was reporting missing or compromised, as you couldn't then simply make one identicle copy and keep using it because it would of course change each time it was used).
Correction Re:This is not a problem! (duh!) (Score:2)
To get the program and data (private key), you have to be able to read the memory directly. This is not possible with a smart card reader. Hence, the attack with microscopes and whatnot.
You want the private key in order to ENcrypt data to be read by the smart card or the institution that issued it in order to fake the system.
Vortran out
Re:This is not a problem! (duh!) (Score:2, Interesting)
In practice, smartcards are often used as tamperproof devices to represent a third party, such as a bank. In France, for example, the credit card smart cards carry the bank's private key (for a Gilou/Quisquater RSA variant) as well as some additionnal secret information.
This information is not available for any reader but is used internaly for cryptographic computations.
Explanation (Score:2)
Re posting this as a reply to myself so that more people will see it..
Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say a Sky TV card), but having that data itself also be encrypted against a public key and verifed by the device reading *as well* (which would be appropriate for something like say a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS]
By way of illustration:
*insert smart card in door pass*
Smart card: Hi, gimme some data I can use to authenticate you.
Reader: Here you are.
*Smart card churns over*
Smart card: Okay, here's some authentication data based on the input you gave me.
Reader: Cheers, let me check that data by decrypting it against my private key.
*Reader sends data to server*
*Server decrypts key, compares contents (a passphrase) against a stored hash of the users passphrase say (just as an example).*
Server: Yep, authenticates okay.
*Door opens*
This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.
As a stage further, you could give the card a new 'key 'based on a one time pad after authenticating them too, which would be really secure (meaing the card would have be used before it was reporting missing or compromised, as you couldn't then simply make one identicle copy and keep using it because it would of course change each time it was used).
This *could* even work in something like Sky / OnDigitial boxes because they both already have modems which could be used to authenticate the new card (monthly, or yearly when a new card was inserted) but not obviously for realtime decoding of video data.
Re:Explanation (minor correction - typo) (Score:2)
Though to be honest, that level of security would be be relevent in this particular instance
Should read:
Though to be honest, that level of security would *not* be relevent in this particular instance
It's relatively simple to do... (Score:2, Interesting)
Re:It's relatively simple to do... (Score:2, Informative)
No, because the cards that are being talked about are cryptographically "secured", in some way or other. You'd find that, for example, you wouldn't be able to read out a private key required to descramble the program contents because the key wouldn't appear in the same memory space as the readable part of the card (this is how SD-card works).
The clever bit here is the use of high energy density light to tamper with "tamperproof" hardware.
If this were in the US... (Score:1)
Nah... (Score:2)
tcd004
Not so smart.... (Score:1)
I-buttons are being spoken about elsewhere here. They are nice and can fit nicely on a key ring, but the form factor of the smartcard is easier when you have more than one in your pocket.
However, a smartcard is better than a credit/debit card with a magnetic stripe. It is better than a physical key. Both of these can be duplicated in seconds. Someone has to have your smartcard in their possession for several hours before an attack is likely to succeed. Hopefully, you may have noticed by then and have cancelled the thing.
Free Your Mind ... and the rest will follow ?? (Score:1)
Ya but can he leap from tall building to tall building and stop bullets with the force of will?
They need to have your card first (Score:2)
Denying problem (Score:2, Insightful)
I love how the smart card manufacturing companies are just denying that this is a problem and saying that they've already looked at that issue. Do you really think they feel that way and have covered this problem already, or off the record they are panicking to find a way to fix the problem? I would guess that this is new to them, but that they don't want to admit their cards are vulnerable.
BTW, The story is taken from the NY Times, so if you have problems getting to the Yahoo! version of the story, try this link:
http://www.nytimes.com/2002/05/13/technology/13SM
The handyman's secret weapon (Score:4, Funny)
"We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.
No matter how high tech, there's no experiment that can't be improved with duct tape
don't panic (Score:1)
Protection against physical tampering is secondary. It's nice, but even if it didn't exist at all, smart cards would still be very useful. This particular attack seems so tricky that it may not even be worth doing anything about.
It's been done... (Score:2, Funny)
Homer: What are you, the narrator?
-- The Simpsons, Itchy and Scratchy Land, 2F01
physical card access (Score:3, Insightful)
To do this he needs first to get physical access to the card, which is inside the phone (usually under battery). Having access to the phone, usually allow him to make calls anyway without complex card reading procedure.
it's sad this springs to mind. (Score:5, Funny)
Dmitri called. He said if you see any guys in cheap suits applauding on stage right, exit stage left.
Re:it's sad this springs to mind. (Score:2)
Bob.
Man this sucks (Score:2)
And these guys promise me security? (Score:2)
"We've already looked at this area."
He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards.
Great! They've solved the problem by adding a thin layer of obscurity! I feel secure now.
OOps wrong article (Score:2)
We fixed it, but we can't tell you how! (Score:3, Insightful)
If it's secure, but only because noone knows how it works, then it's inherently *NOT* secure. When will they learn?
OBSCURITY IS NOT SECURITY
*sigh*
Re:We fixed it, but we can't tell you how! (Score:3, Insightful)
Once again, someone taking a piece of truth and misapplying it.
Obscurity is an excellent additional layer of defence.
An example: Take any well known strong encryption, say Triple-DES. Thousands of people have spent thousands of hours studying it and analyized the best attacks against it. I guarantee some organizations have built special hardware to crack it. They grab a message, feed it into the NSA ultra-parallel computer and *BING* 24 hours later an answer pops out.
Now, lets say I use triple-DES but then I add a piece of crap insecure custom encryption on top. Heck, even a ROT-13 layer would cause dedicated hardware to barf. Now the million man-hours of triple-DES research and your billion-dollar super computer are completely useless until someone invests the time to crack my personal encryption layer. It doesn't matter if the "obscure" layer is insecure. If a million people use a million obscure custom encryptions, the time you invest breaking one does you no good when you get to the next.
Security through obscurity is only flawed when it is your primary line of defense.
-
Um (Score:3, Insightful)
Jesus
"Smart" (Score:2)
Smart Tags
Smart Devices
Smart Clients
Smart Phone
Smart Thinking
Smart Display
Smart Interface Pointers
Smart Clip Art
Smart Online Business
Smart Downloading
Smart Worker Seminars
At this point, wouldn't it be prudent to just quit using that word [google.com] for anything to do with computers?
Re:Just stick the chip under the skin (Score:1)
Scapals can penetrate though. I hope the badguys use anesthetic
Re:Smart, very smart? (Score:1)
yessiree, my magnetic strip if far safer, now I can give my credit card out to random stangers with no fear of getting ripped off.
Re:as expected (Score:1, Informative)
Troll rating:
First paragraph sounds reasonable and authoritative: 1 point
Factual statement about privacy invasion: 1 point
Reference to the constitution with the word "decannual": 1 point
A spurious "quote" from the Constitution that only a slashdotter could have written: -1 point
Cliche'd ending sentence about our "forefathers": -1 point
While you should be proud that you have a troll rating in positive territory, that's still not enough to send you over the edge and spark a flame war. Try again, next time.