Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

Smart Cards Vulnerable to Photo-Flash Attacks? 217

belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards. " Notable because its apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.
This discussion has been archived. No new comments can be posted.

Smart Cards Vulnerable to Photo-Flash Attacks?

Comments Filter:
  • by swagr ( 244747 ) on Monday May 13, 2002 @09:26AM (#3509886) Homepage
    It immediatly destroys it's internal data when forced open.
    Here's the link. [ibutton.com]
  • by Lumpy ( 12016 ) on Monday May 13, 2002 @09:28AM (#3509897) Homepage
    there is very little tamper protection on smartcards due to their flimsy construction. you cant make a rapid zeroization system on something that isn't rigid and tough enough to be driven over repeatedly by a car or take the huge amount of abuse the human carrier provides every day.

    except... dallas semiconductor long ago created the ibutton [ibutton.com] that is more secure and better than any smartcard..

    (I know I sound like a broken record, but ibuttons are way better and cooler than any smartcard, and you as a home hacker can use them!)
    • In the article... More widely used in Europe than in the United States, the cards have long been promoted as the key to a cashless society as well as... Whats wrong with Cash? I like cash. Cash is good.
      • Whats wrong with Cash? I like cash. Cash is good.

        The men in the Black Helicopters can't track you as easy.
        • Don't be so sure about that. Take any dollar bill and visit the web site WheresGeorge [wheresgeorge.com] and see where it has been.
    • by Jon Peterson ( 1443 ) <jon@@@snowdrift...org> on Monday May 13, 2002 @10:06AM (#3510137) Homepage
      OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

      Guess what?! Criminals can read the information from a credit card using nothing more sophisticated than their eyes! Does this render credit cards an appalling security risk? No, because when it gets stolen you report it and cancel the card.

      Now, if someone figures out a way to _write_ to the smart card to people can top up sums of money or whatever, that's a problem. Also, if the smartcard stores data that's useful in itself - say your real naem and address, or other bank account numbers, or what have you, then you certainly don't want that being read by someone else.
      • by Anonymous Coward
        Um, the problem is when you have cryptographic information on the card.

        Like a private RSA key and certificate. There are many companies that use that for authentication and encryption. The Navy's CAC card for example. Every people in the Navy will have one. You wouldn't want someone to be able to steal your private key off of your card.
      • DirecTV has what they claim a billion dollar lose due to pirates, hacking the nice little smart cards. (First the F, now H and HU series, soon to be replaced by the P4 series, which probably isn't hacked, yet....) Writing isn't important, if you can completely dump the card then you can make yourself a cardless emulation system on a PC. (The holy grail of directTv pirates...)

        I'm sure they are going to take notice of this technology, if they haven't already, because I am certain there are people on the other side that will be cracking open DTV smart cards to use this method very soon...

      • OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

        And herein lies the problem. Smart cards don't only store "dumb information". In particular, from the article (which I assume you read?):

        Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed.

        In particular, here in the Netherlands (and I believe elsewhere in Europe), you can get online access to your account (with most banks) by using your ATM card. This is accomplished since each ATM card has a smart card on the card. If you can get the secret key out of the card, then you can login to someone elses banking site. No you can't do this with the card alone, since you need to know the cards PIN to access the smart card functionality.

        • Card systems on the continent are far more secure than here in the U.K. Here you only need (for ordering over the phone and web) the number and expiry date. Although some cards do have something similar to a pin you sometimes have to enter too.
      • Anyone with a smart card reader (retailers/universities/etc) can read and write a smart card.

        It's just a blob of data.

        Each institution (hopefully) has the said data encrypted and has some tamper checking on it.
      • I don't see that any attack based around stealing a smart card is anything to worry about

        Then you don't understand the problem. In many cases they don't care of you steal a hundred smart cards. That gets you a few thousand phone minutes or one month of free cable for a hundred people. The cards run out of minutes or expire at the end of the month and you have nothing. Petty theft.

        The problem is that the smart cards contain an encryption key. The key unlocks the entire systems. It grants an unlimited number of people unlimited access to phonecalls/cable-service, or whatever. In other words w3 0wn j00 !

        -
    • This is really nothing new, many microcontrollers (like those used in smartcards) are vulnerable to different attacks, clock-glitches voltage reversals/spikes which may unlock their security features. Many of them are normally readable but are 'locked' by a fuse. This fuse may be reset by removing the UV protective coating and erase the card as an EPROM (this will ofcourse also destroy any data you wanted to read). There are however methods circumventing this, like using micro-film as masks for the UV-eraser, or using micro-probes to directly alter the bus. Many cards do not even have real protection, like the european pay-phone cards, all they are is a serial-EPROM which is burned a bit at a time for each credit, but they're fused so if you erase them (UV-wise) they will not allow you to re-program the low-area of the EPROM, but don't worry, just use som other blank card and copy it onto that.
    • Only that the iButton from Dallas Semiconductor already has been broken several years ago by ... right, the very same Ross Anderson and Markus Kuhn.

      Kristian
    • I live in Istanbul, Turkey... 12M+ city. If what I see is right (on that website), that iButton takes care of near whole transportation system here. In busses, metro, sea. There wasn't a single incident since years.

      Its named "Akbil" (Smart Ticket), in demos they showed huge cars&stuff driven over them, nothing happened.

      Oh btw, to remind how widely they are used they are, its like 80% iButton vs 20% regular tickets.
    • Do you have any links that describe how to use an iButton for access control, such as activating relays for door strikes, garage door openers, etc? I looked all over the iButton web site and couldn't find any hard details on how to go about setting something like this up. I think it would be cool to replace all locks with iButton readers (and at ~$15 a pop, why not?!) - front door, garage, even the keyholes in your car could be replaced with a reader that would disarm the alarm system and unlock the door. Buy an iButton ring to wear and never have to carry keys again.

      Any ideas on how to get started with this??
  • Where's Adobe when you need them?
  • SMILE!! (Score:2, Funny)

    by Indras ( 515472 )
    Your data's on Candid Camera (tm)!
  • by Dimensio ( 311070 ) <[moc.uolgi] [ta] [ratskrad]> on Monday May 13, 2002 @09:32AM (#3509922)
    All that needs to happen is for makers of smart cards to send money to Congresscritters to pass laws against smart card "circumvention devices" and have anyone making, selling or posessing a flash-based camera arrested.

    Remember, when a security technology is comprimised you don't improve the technology, you outlaw anything that exposes its weakness.
    • Since laws only stop people who obey laws. Not people with a large enough incetive to benefit from sevurity circumvention.
      • Since when did doing something useful ever take precedence over the appearance of doing something useful.

        If Congress constained themselves to measures that were actually designed to _be_ useful rather than _sound_ useful they'd have a lot more time for sex scandals.

        Sounds like a win-win situation for everyone but the interns.

    • Remember, when a security technology is compromised you don't improve the technology, you outlaw anything that exposes its weakness.

      Well, that's one way to get rid of Windows...
    • by nolife ( 233813 ) on Monday May 13, 2002 @11:06AM (#3510444) Homepage Journal
      This happened in the past with the padding of the cell phone industry. Analog mode cell phones send clear audio over the air in roughly the 868-890 MHz range. To protect the cell phone industry, the government passed a law [bennetlaw.com] in 1994 to prevent the sale of consumer radio scanners from receiving these frequencies. That worked for a while but many scanners were easily 'hacked' to get this region back. In 1997 the law was modified/changed to make it illegal to modify a scanner and companies had to produce scanners that were tamper proof.

      These air bands were open to public ears for decades before the cell phone industry came to life. They chose to use "plain text" audio for analog transmissions to save money with no regard for your privacy. The government stepped in to bail them out when scanning these frequencies became popular and to give the public a false sense of security so they would buy more of them and keep the cell phone industry going strong.

      It is also illegal to listen to analog cordless phones (46-49MHz/900MHz) but there is no law preventing the scanners from receiving these bands. I guess the cordless guys could not drum up enough soft money to get that through.
  • The relevant part of the article [yahoo.com]:

    They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.

    With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.

    "We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.

    By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information contained in the smart card.

    It's not prostitution if your karma is 50.

  • by dpbsmith ( 263124 ) on Monday May 13, 2002 @09:34AM (#3509938) Homepage
    "Alex Giakoumis... said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system."

    However, it is speculated that the card contains material that can obscure the flash, literally achieving "security through obscurity."

    • by Anonymous Coward
      However, it is speculated that the card contains material


      (Following up a humorous post with facts. Oh well.)

      Correct. If you have a spare metal layer, you put that in as an unbroken power rail. Very little light will pass the higher-numbered connective layers.

      If someone tries to remove such a layer, they are looking at a daunting task, since they are also removing the power to the circuit. I am surprised they haven't taken the cost of putting in that extra layer already.

      That still leaves attacks which probe the charge stored on the floating gates of the flash memories. They are significantly more costly, though.
  • Now I just got to figure out how to add money to my laundry card. That thing has eaten more money than I've used on the machines...
    • usually those type of systems only keep an ID on your card, and keep the ammount in a computer somewhere. So doing anything to the card won't effect the ammount of money linked to it.

      • How exactly would that work? I don't think the washing machine in my apartment building dials in when I wash my clothes.

        I don't really know dick about smart cards, but common sense would tell you that any card system for laundry would keep track of the monetary value on the card itself.

        I'd be interested to know how the system works if it doesn't.

        • Well how do you get money on the card? If you do it in the same machine that that machine probably keeps track of the ID money information. It's very rare for the card itself to keep the ammount of money on the card.

        • You may want to read up on EMV [visa.com]. It is a cooperative initiative between Visa, Mastercard and Europay, and is set to roll out (region dependant) by 2005. Credit cards will be phased out soon after (by the aforementioned companies refusing to accept liability to fraud on non-EMV transactions).

          EMV provides for online and offline transaction approval, mostly based on the size of the transaction and the running size of offline transactions since the last online one.

    • Ah ha, a money laundering scheme, eh?
    • One place I lived the laundry machines took a little plastic card with a black pattern on them. You stuck it in the machine, and it melted the card. That way noone could retrieve them. Only downside was the only way you could get more cards was to buy them off of the rooming house owner or the RA. If the RA was out all night, you were SOL and had to find a regular coin laundry.
  • A few years ago I was told about similar technique involving elctron beam (or something like this). Generally, physical access to anything means full access to all contained infomation. Old security principle.

    On the one hand it means no equipment may be trusted since it comes to customer's hands. On the second, I see no problem if I can rip the data which belongs to me (I know, it's generally not the case when it comes to SC). Smart Cards always have been security by obscurity for me. This lesson the industry never learns, I'm afraid.
    • At a certain level every security measure in computer are from obscurity, you are safe because no one knows your password. But the problem arises when the design of the security measures must be made secret to keep it safe. I don't know if this is the case with the smart cards, or at least with all of them.

  • by Civil_Disobedient ( 261825 ) on Monday May 13, 2002 @09:36AM (#3509952)
    Lemme see if I understand right. Reverse engineer hardware to show its inherit ineffectualness -- that's ok. Reverse engineer software to show its inherit ineffectualness -- that's illegal.

    Ok, just making sure.
    • Insight into who has spent more money in congress eh? Personally, I think these companies need to spend less time filling the pockets of congress and try to actually produce a (more) secure, (better) quality product. Then they probably wouldn't have to suck off congress all the time.
  • by MontyP ( 26575 ) on Monday May 13, 2002 @09:36AM (#3509953)
    All they need to do is intertwine single wall carbon based nano tubes throughout the memory. When the camera flash hits the memory, the memory will self destruct.
  • DMCA (Score:1, Interesting)

    by Anonymous Coward
    Isn't this circumventing a protection system? Its only a matter of time before these guys are arrested.
  • From the article:
    They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.

    With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.

    Could they make the cards so that removing the coating destroyed the chip?

  • Easy to do? (Score:4, Informative)

    by AlaskanUnderachiever ( 561294 ) on Monday May 13, 2002 @09:37AM (#3509960) Homepage
    Ok, maybe everyone else on slashdot has a full clean room. I mean, it could be a possibility. But when I hear phrases like "focusing light on a single transistor" and "Wentworth Labs MP-901 manual probing station" I tend not to think of simple or easy to do. I'm not saying you couldn't hack one, I'm just asking what % of criminals are going to have access to a "manual probing station"?
    • Re:Easy to do? (Score:2, Interesting)

      by jelizondo ( 183861 )
      It's not easy but if it was it there would not be any money on breaking them. For criminals, the way it works is like what they do with current credit cards: some criminal outfit with the money to buy the talent and equipment needed starts producing them in mass and the neighboorhood hudloom uses them.

      Last year there was a spat of cases where waiters and other salespeople had been coerced into swiping customer's credit cards through a "special device" that reads the mag track and stores it. Then the device is handled back to low-life who in turns delivers it to someone who in turn reads the data and produces "genuine" credit cards for use by criminals.

      It's not easy, but if there is money on doing it you can bet it will be done.

      • I read about the waitron pocket-scanner, too. Most of the waitrons I know wouldn't have been coerced, they would have done it for free drugs, which is how this was probably paid for. After the first couple of payments you'll either keep coming back or they'll use the past drug payments against you..
      • If people are willing to go to the expense and risk of cooking meth, I'm convinced that there are few things a sufficiently motivated person won't attempt.
    • Re:Easy to do? (Score:2, Informative)

      by saider ( 177166 )
      Much of this can be had at auctions. Many companies upgrade their equipment and shove their older, but still functional equipment out the back door to anyone who will haul it off. I know one guy who does this and makes a fairly good living. I remember he had a cell tower tranciever once. I'm sure some people would know what to do with that, but I don't.
    • From what little I know, any criminal who has been to jail has had access to a "manual probing station". IANAC (I Am Not A Criminal), but I think it's located in the showers.

      -Sou|cuttr
    • They're criminals. Why wouldn't they just steal one?
      • They're criminals. Why wouldn't they just steal one?

        I know you're just trying to be funny, but for the benefit of the 14 year olds out there, there's more than one kind of criminal. Some kinds of criminals are not willing to do some things. Most criminals even have morals and justify thier crimes in their own heads and are not willing to do other kinds of crime. I think it's probably mucheasier for a criminal to convince himself/herself that credit card fraud is okay vs. breaking and entering being okay. I wouldn't be surprised if many /.

        People who steal satelite TV are criminals. Why don't theyjust go out and mug people for the satelite TV money instead? It's a question of morals. 99% of criminals have them.

    • Ummm, the % that is most likely to want to steal the most (having just spent enough money to crack the smart cards). This gets into the same argument the US Treasury once had to ask: would you rather have 5 people counterfeiting $10000, or 10000 people counterfeiting $5. It isn't an easy question to answer.
  • by Bogatyr ( 69476 ) on Monday May 13, 2002 @09:38AM (#3509967) Homepage
    And if I'm not running an enccrypted filesystem on a hard drive, and someone steals the hard drive out of that computer, they can read the data. Now I consider this article's significance to be just another reminder that physical security is important.
    (quoting from the linked article)
    "The Pentagon (news - web sites) has armed soldiers with smart cards for online identity and physical access...Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed. Typically, after the card holder authenticates the card by supplying a pin number, the private key will then be used to encrypt any sort of transaction using the card."
  • Wouldn't mind being able to do this to a DirecTV access card. Grab that juicy elliptic crypto key...

    Seriously though, this works well for unlocking locked out cards, and reading the rom... but for other info that may be in a rom not directly accessible to the 8051 mcu, this isn't very valuable. Also, some of the nicest info, might not even be in a rom, but weaved into a crypto asic.

    Still, if you can alter the value of a register with the microscope... could you actually read out by hand the values stored in a masked rom? Or reverse engineer an asic?

    This could kick some serious ass.
    • You still need access to a "manual probing station" I hear some online DSS reatailers have them...Not sure about the duct tape tho ;)
      • Not sure we should go into much detail with this conversation here, but those DSS retailers are thieves, even by my admittedly low moral standards.

        It would be like them, to have the tools to throw things wide open (and become modestly rich doing so) but hesitate because they are too short-sighted and want to continue with their status quo. They steal from DirecTV, and steal from the consumers too. My god, with average viewing habits, it costs as much or more to pirate the signal, than it does to just subscribe. And there is no hassle when an ECM strikes, either... how much is that worth?

        Hypothetically though, let's say some guy uses this technique to grab that crypto key. That guy buys a $250 FPGA-PCI prototyping card. He loads pitou on the machine, to emulate most of the access card... and a crypto core from opencores.org onto the FPGA to emulate the asic. Boom. instead of driving 1-3 recievers off of a legit 3.5mhz asic, you'd have an FPGA running at 100mhz. No access card even necessary... and FPGA cards have legitimate uses besides pirating DirecTV.

        God, I love being a hardware hacker. Even a no-good bum talentless hardware hacker, is better than not being one at all.
  • ...that it's best not to keep all your eggs in one basket. Knowledge of hardware and software security as well as common sense is required for if security is paramount.
  • Differential Power Analysis [cryptography.com] and even Simple Power Analysis (SPA) can be used on a smart card.
  • Mr. Skorobogatov is a Russian emigrant who was once employed in the former Soviet Union's nuclear weapons program, where his job was to maintain bombs.

    This wasn't mentioned in the article, but apparently young Skorobogatov discovered the smart-card vulnerability during the bright flashes of his dad's exploives tests at the tender age of six.

    • This wasn't mentioned in the article, but apparently young Skorobogatov discovered the smart-card vulnerability during the bright flashes of his dad's exploives tests at the tender age of six.

      Gee, that wasn't nearly as funny as I thought it would be...

  • This is a neat trick, sure but it's not a big issue.

    This could ALREADY be done by anyone with a smart card reader already (which is cheaper than a camera and a microscope I might add!).

    Duh! :)

    Sensitive data on cards are stored encrypted using the readers public key. The data on the smartcard can be sent from the reader to a centralised location (over a network, much like the way credit cards are verified in realtime just now) and then decoded and verified by a central point (or a selction of central points for redundancy).

    It's a given that the smartcard could always be read - this has been accounted for in design of secure systems that use smart cards (we'll the good ones anyway, addmittedly there are quite few which don't (there are a lot of muppets in this industry) :).

    • This attack doesn't pertain to simple memory cards, but rather full blown microprocessor cards. Here's a good primer [scia.org] explaining some of the differences.

      Basically in a 'real' smart card, you access the data through the microprocessor, not directly. The encryption is performed on the card itself, not the host, increasing security (at least until now I suppose.)
    • Sounds to me the cards you are talking about are not "smart" cards but rather simple memory cards. A real smart card has a processor and private program and data memory you can't just read out.

      Take the cards used for sat TV, you send it encrypted data and get the decrypted version back. The decryption key(s) is/are on the card and can't easily be read.
      • Oh yes, agree of course, but no I am talking about smart cards (though depending on the use).

        Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say a Sky TV card), but having that data itself also be encrypted against a public key and verifed by the device reading *as well* (which would be appropriate for something like say a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS] :-).

        By way of illustration:

        *insert smart card in door pass*

        Smart card: Hi, gimme some data I can use to authenticate you.
        Reader: Here you are.
        *Smart card churns over*
        Smart card: Okay, here's some authentication data based on the input you gave me.
        Reader: Cheers, let me check that data by decrypting it against my private key.
        *Reader sends data to server*
        *Server decrypts key, compares contents (a passphrase) against a stored hash of the users passphrase.*
        Server: Yep, authenticates okay.

        *Door opens*

        This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.

        If the card supported writing data to, you could give it a key based on a onetime pad after authenticating them too, which would be really secure (meaing the card would have be used before it was reporting missing or compromised, as you couldn't then simply make one identicle copy and keep using it because it would of course change each time it was used).

    • You can't "read" the program data off a smart card... even with a reader. You can only read the output that the smart card povides through its interface. This would be the encrypted data which you can decrypt with the public key.

      To get the program and data (private key), you have to be able to read the memory directly. This is not possible with a smart card reader. Hence, the attack with microscopes and whatnot.

      You want the private key in order to ENcrypt data to be read by the smart card or the institution that issued it in order to fake the system.

      Vortran out
    • I wouldn't be so sure ! The application you describe is very particular.

      In practice, smartcards are often used as tamperproof devices to represent a third party, such as a bank. In France, for example, the credit card smart cards carry the bank's private key (for a Gilou/Quisquater RSA variant) as well as some additionnal secret information.
      This information is not available for any reader but is used internaly for cryptographic computations.
    • I'm seeing a lot of very similar replies, so I guess I didn't explain it very well :-).

      Re posting this as a reply to myself so that more people will see it..

      Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say a Sky TV card), but having that data itself also be encrypted against a public key and verifed by the device reading *as well* (which would be appropriate for something like say a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS] :-).

      By way of illustration:

      *insert smart card in door pass*
      Smart card: Hi, gimme some data I can use to authenticate you.
      Reader: Here you are.
      *Smart card churns over*
      Smart card: Okay, here's some authentication data based on the input you gave me.
      Reader: Cheers, let me check that data by decrypting it against my private key.
      *Reader sends data to server*
      *Server decrypts key, compares contents (a passphrase) against a stored hash of the users passphrase say (just as an example).*
      Server: Yep, authenticates okay.
      *Door opens*

      This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.

      As a stage further, you could give the card a new 'key 'based on a one time pad after authenticating them too, which would be really secure (meaing the card would have be used before it was reporting missing or compromised, as you couldn't then simply make one identicle copy and keep using it because it would of course change each time it was used).

      This *could* even work in something like Sky / OnDigitial boxes because they both already have modems which could be used to authenticate the new card (monthly, or yearly when a new card was inserted) but not obviously for realtime decoding of video data. :-) Possibly just for authentication pherhaps....(though to be honest, that level of security would be be relevent in this particular instance :-)
  • ...but not so easy to do without someone noticing. I mean, if you're going to have the Flash card in your possession long enough to perform the attack UNDER A MICROSCOPE, wouldn't it just be easier to yank the data with one of those smart-card reader/portable hard-drive things that ThinkGeek was advertising on here?
    • wouldn't it just be easier to yank the data with one of those smart-card reader/portable hard-drive things that ThinkGeek was advertising on here?


      No, because the cards that are being talked about are cryptographically "secured", in some way or other. You'd find that, for example, you wouldn't be able to read out a private key required to descramble the program contents because the key wouldn't appear in the same memory space as the readable part of the card (this is how SD-card works).

      The clever bit here is the use of high energy density light to tamper with "tamperproof" hardware.

  • ...someone would already have slapped an injunction on them under the DMCA. Wheeee!
  • Smart cards can be attacked by messing with clocks, messing with the power and the type used for GSM, can be exhaustively attacked by using an "Identify" command. This is just one more attack. However, the truth of it, the protection of smartcards is generally adequate but perhaps not suitable for something like military level crypto keys. Of course, what do the military have with their Fortezza based cryptographic PCMCIA-cards, why smart cards of course!

    I-buttons are being spoken about elsewhere here. They are nice and can fit nicely on a key ring, but the form factor of the smartcard is easier when you have more than one in your pocket.

    However, a smartcard is better than a credit/debit card with a magnetic stripe. It is better than a physical key. Both of these can be duplicated in seconds. Someone has to have your smartcard in their possession for several hours before an attack is likely to succeed. Hopefully, you may have noticed by then and have cancelled the thing.

  • "Mr. Anderson is a well-known computer security researcher whose work in both computer security and cryptography is widely recognized."

    Ya but can he leap from tall building to tall building and stop bullets with the force of will?
    "Don't think you are - know you are."

    -Neo

    "The Matrix is a system, Neo. That system is our enemy. But when you're inside, you look around and what do you see? Businessmen, Teachers, Lawyers, Carpenters...the very minds of the people we're trying to save. "
    -Morpheus
  • They can't do this from afar. They have to actually be in physical possession of your smart card, scrape the protective layers off, and put it under a microscope. The problem is that because smart cards are more "secure", they are trusted more, and so actual breaks in such security are harder to prove. So this is like an easy way to find out someone's PIN number once you have their ATM card.
  • Denying problem (Score:2, Insightful)

    by hether ( 101201 )
    a manufacturer who had read the paper said it believed its products were not vulnerable to the attack.

    I love how the smart card manufacturing companies are just denying that this is a problem and saying that they've already looked at that issue. Do you really think they feel that way and have covered this problem already, or off the record they are panicking to find a way to fix the problem? I would guess that this is new to them, but that they don't want to admit their cards are vulnerable.

    BTW, The story is taken from the NY Times, so if you have problems getting to the Yahoo! version of the story, try this link:

    http://www.nytimes.com/2002/05/13/technology/13SMA R.html?todaysheadlines [nytimes.com]
  • by gambit3 ( 463693 ) on Monday May 13, 2002 @10:09AM (#3510163) Homepage Journal

    "We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.

    No matter how high tech, there's no experiment that can't be improved with duct tape

  • The primary attacks smart cards are designed to protect against are eavesdropping and replay. They can do that because they can run zero knowledge and public key protocols. That's a whole lot better than the magnetic strip on your credit card and is unaffected by this attack.

    Protection against physical tampering is secondary. It's nice, but even if it didn't exist at all, smart cards would still be very useful. This particular attack seems so tricky that it may not even be worth doing anything about.

  • Lisa: Dad! The flash must have scrambled their circuits.
    Homer: What are you, the narrator?

    -- The Simpsons, Itchy and Scratchy Land, 2F01
  • by krokodil ( 110356 ) on Monday May 13, 2002 @10:35AM (#3510298) Homepage
    The vulnerability would make it possible for a criminal to find the secret information stored in the card, steal the user's cellphone identity and make free phone calls.

    To do this he needs first to get physical access to the card, which is inside the phone (usually under battery). Having access to the phone, usually allow him to make calls anyway without complex card reading procedure.

  • by BreakWindows ( 442819 ) on Monday May 13, 2002 @10:37AM (#3510311) Homepage
    A team of researchers from I.B.M.'s Thomas J. Watson Laboratory in Yorktown Heights, N.Y., said they would present a report at the conference based on their discovery ...

    Dmitri called. He said if you see any guys in cheap suits applauding on stage right, exit stage left.

    • Also if while paying for your shopping with a newfangled smartcard based cash card system, the clerk asks you to hold on a moment and disappears below the counter, at which point there is a bright flash and the sound of a flashgun recharging ... check your balance before you leave.

      Bob.
  • Well for me it does. I work for a certain company that's trying to use smart cards in a certain product that shouldn't use smart cards but buzzword loving project managers don't want to use anything else... so anyway, I guess this will mean we have to scrap the whole smart card idea and start over on something else...
  • From the article:

    "We've already looked at this area."

    He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards.

    Great! They've solved the problem by adding a thin layer of obscurity! I feel secure now.
  • Awww, I thought those blew up too, just like the buckeyball-tubules....
  • by tweakt ( 325224 ) on Monday May 13, 2002 @03:01PM (#3511927) Homepage
    "He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards."

    If it's secure, but only because noone knows how it works, then it's inherently *NOT* secure. When will they learn?

    OBSCURITY IS NOT SECURITY

    *sigh*

    • OBSCURITY IS NOT SECURITY

      Once again, someone taking a piece of truth and misapplying it.

      Obscurity is an excellent additional layer of defence.

      An example: Take any well known strong encryption, say Triple-DES. Thousands of people have spent thousands of hours studying it and analyized the best attacks against it. I guarantee some organizations have built special hardware to crack it. They grab a message, feed it into the NSA ultra-parallel computer and *BING* 24 hours later an answer pops out.

      Now, lets say I use triple-DES but then I add a piece of crap insecure custom encryption on top. Heck, even a ROT-13 layer would cause dedicated hardware to barf. Now the million man-hours of triple-DES research and your billion-dollar super computer are completely useless until someone invests the time to crack my personal encryption layer. It doesn't matter if the "obscure" layer is insecure. If a million people use a million obscure custom encryptions, the time you invest breaking one does you no good when you get to the next.

      Security through obscurity is only flawed when it is your primary line of defense.

      -
  • Um (Score:3, Insightful)

    by scrytch ( 9198 ) <chuck@myrealbox.com> on Monday May 13, 2002 @03:21PM (#3512086)
    If someone grabs your smartcard, why wouldn't they just *use* it. Or call the credit card company, tell them they're you, pass their rigourous security screening questions like asking for your social security number, and get a new card. Social engineering is a lot easier than tunnelling a flash with a microscope.

    Jesus ... it's a *key*. That's why you keep keys safe. Someone grabs my keys (those little jangly jagged metal things), they can use them, and if they have key duplicating equipment, they can duplicate my keys. Big deal.
  • Smart Cards
    Smart Tags
    Smart Devices
    Smart Clients
    Smart Phone
    Smart Thinking
    Smart Display
    Smart Interface Pointers
    Smart Clip Art
    Smart Online Business
    Smart Downloading
    Smart Worker Seminars
    At this point, wouldn't it be prudent to just quit using that word [google.com] for anything to do with computers?

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...