Smart Cards Vulnerable to Photo-Flash Attacks? 217
belphegor writes "Researchers at the University of Cambridge have
found a way to use a camera flash and microscope to extract data from smart cards. " Notable because its apparently relatively
simple to do and really throws a monkey wrench into a variety of businesses
that use smart cards to store important data.
They should have used the iButton (Score:4, Informative)
Here's the link. [ibutton.com]
smartcards have always been lacking (Score:5, Informative)
except... dallas semiconductor long ago created the ibutton [ibutton.com] that is more secure and better than any smartcard..
(I know I sound like a broken record, but ibuttons are way better and cooler than any smartcard, and you as a home hacker can use them!)
Easy to do? (Score:4, Informative)
Re:as expected (Score:1, Informative)
Troll rating:
First paragraph sounds reasonable and authoritative: 1 point
Factual statement about privacy invasion: 1 point
Reference to the constitution with the word "decannual": 1 point
A spurious "quote" from the Constitution that only a slashdotter could have written: -1 point
Cliche'd ending sentence about our "forefathers": -1 point
While you should be proud that you have a troll rating in positive territory, that's still not enough to send you over the edge and spark a flame war. Try again, next time.
Re:They should have used the iButton (Score:4, Informative)
Re:smartcards have always been lacking (Score:1, Informative)
Like a private RSA key and certificate. There are many companies that use that for authentication and encryption. The Navy's CAC card for example. Every people in the Navy will have one. You wouldn't want someone to be able to steal your private key off of your card.
Re:Easy to do? (Score:2, Informative)
Re:It's relatively simple to do... (Score:2, Informative)
No, because the cards that are being talked about are cryptographically "secured", in some way or other. You'd find that, for example, you wouldn't be able to read out a private key required to descramble the program contents because the key wouldn't appear in the same memory space as the readable part of the card (this is how SD-card works).
The clever bit here is the use of high energy density light to tamper with "tamperproof" hardware.
Re:smartcards have always been lacking (Score:2, Informative)
Its named "Akbil" (Smart Ticket), in demos they showed huge cars&stuff driven over them, nothing happened.
Oh btw, to remind how widely they are used they are, its like 80% iButton vs 20% regular tickets.
Re:smartcards have always been lacking (Score:3, Informative)
And herein lies the problem. Smart cards don't only store "dumb information". In particular, from the article (which I assume you read?):
In particular, here in the Netherlands (and I believe elsewhere in Europe), you can get online access to your account (with most banks) by using your ATM card. This is accomplished since each ATM card has a smart card on the card. If you can get the secret key out of the card, then you can login to someone elses banking site. No you can't do this with the card alone, since you need to know the cards PIN to access the smart card functionality.