On Tue, 14 May 2002, Jason Barkeloo wrote:

Hi,

How should this work? The application needs unencrypted ASCII bytes.
Which software part decrypts the data? Where are the keys?

Andi

> Andi,
>
> Of course a crypto-security co-processor inside the keyboard/reader or on the
> motherboard which processes the PIN outside the OS would prevent a trojan from
> capturing the keystrokes.
>
> jb
>
> jason barkeloo
> Director of Research
> ACEtek Research
> http://wavxtek.org
>
> > From: andi <[EMAIL PROTECTED]>
> > Date: 2002/05/14 Tue PM 12:38:03 EDT
> > To: [EMAIL PROTECTED]
> > Subject: Re: MUSCLE smartcard attacks
> >
> > Hi everybody,
> >
> > Why attack the smartcard? It is easier to get such
> > things like PIN, passwords, ... with cameras, recorder, ...
> > Is it worth to put out a microscope and tons of money
> > to crack the PIN or a cryptographic key?
> >
> > Social engineering and the rubber hose attack are more
> > powerful than any other attack. Another way to get the
> > PIN or password is to look at the fingers of the victim.
> >
> > Another way to get the key from most people is:
> >
> > Get access to the remote computer and get the key or
> > install a trojan which gets the keys or let the dumb
> > user mail the key to you. (Many users do not know anything
> > about private keys, public keys, ...).
> >
> > Andi
> >
> > PS: Sorry for my bad english :-)
> >
> > On Tue, 14 May 2002, Arno Wilhelm wrote:
> >
> > > > There have been a few articles about smartcard attacks recently. I would
> > > > like to pose a few points in regard to.
> > > >
> > > > 1) These attacks all require physical access to the card. They cannot be
> > > > done remotely.
> > > > 2) These attacks assume the user has not realized they have lost their
> > > > card and has therefore not notified their helpdesk to have the card
> > > > revoked.
> > > > 3) These attacks require the user to very carefully remove layers from the
> > > > outside of the chip to expose the card. This is not easy - in most
> > > > cases the chip is ruined.
> > > > 4) These are trial and error attacks - by changing the values of data
> > > > stored in eeprom, the attacker hopes to change the behavior of the card
> > > > and have it malfunction by returning data the attacker wants to know.
> > > > Consider this like a game of minesweeper. You have 262,144 bits in 32k
> > > > The majority of those bits being changed will deem the card useless.
> > > > In the other cases, unuseful data might be returned. Even if the data
> > > > was unciphered in the eeprom (not likely), the user must know where to
> > > > look for the data which in most cases isn't linear.
> > > > 5) These attacks are well known - changing the power, clock to get the
> > > > card to malfunction. Heat, Cold, whatever - most do not work and the
> > > > attacker has to know a lot about the card and data on it. If I wanted
> > > > to put this work to get free GSM service why not steal a credit card
> > > > and buy a phone card - at least this is less trackable....
> > > >
> > > > There are some clear things left out of the article. First, those parts
> > > > are not $30 - I believe you would need some chemicals to expose the chip,
> > > > you would need a quality microscope, and I'm sure I couldn't pay the
> > > > Russian bomb specialist $30 to do this attack for me.
> > > >
> > > > Point being that there is no perfect solution. I can buy a $10 safe from
> > > > Walmart to protect my documents from fire up to 10 minutes at 1900
> > > > degrees, or I could buy a safe from Diebold for $30,000 which survives a
> > > > couple of hours at that temperature. The comfort of the smartcard is that
> > > > I know it is 100% safe as long as it is in my pocket .....
> > >
> > > For me it seems that it must always be easier and cheaper to steal the
> > > money *after* it has been taken from the bank than to steal the
> > > smartcard, hack it and get the money from the bank myself.
> > > I guess that it must also be much easier to get pin codes etc. from a
> > > careless cardholder than hacking the card itself?
> > > What I want to say is that the card itself seems to be very secure, but
> > > how is about the "card environment" like the storage of the codes, the
> > > smartcard reader, the computer-net that is used in order to transfer the
> > > transactions, human beings that are involved etc.
> > >
> > > Greetings,
> > >
> > > Arno
> >
> > --
> > -----------------------------------------------------------------------
> > LISCON GmbH http://www.liscon.com/
> > Kersche Andreas [EMAIL PROTECTED]
> >
> > Richard-Wagner-Strasse 7 Tel: +43 699/11093881
> > A-9500 Villach Fax: +43 4242 214 855 99
> > AUSTRIA / EUROPE
> >
> > ***************************************************************
> > Unix Smart Card Developers - M.U.S.C.L.E.
> > (Movement for the Use of Smart Cards in a Linux Environment)
> > http://www.linuxnet.com/
> > To unsubscribe send an email to [EMAIL PROTECTED] with
> > unsubscribe sclinux
> > ***************************************************************

--
-----------------------------------------------------------------------
LISCON GmbH http://www.liscon.com/
Kersche Andreas [EMAIL PROTECTED]

Richard-Wagner-Strasse 7 Tel: +43 699/11093881
A-9500 Villach Fax: +43 4242 214 855 99
AUSTRIA / EUROPE
