Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smart Cards Vulnerable to Photo-Flash Attacks?

Posted by CmdrTaco on from the now-thats-an-issue dept.

belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards. " Notable because its apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.

5 of 214 comments (clear)

  1. They should have used the iButton by swagr · · Score: 4, Informative

    It immediatly destroys it's internal data when forced open.
    Here's the link.

    --

    -... --- .-. . -.. ..--..
    1. Re:They should have used the iButton by egomaniac · · Score: 4, Informative

      It's easy enough to open an iButton without destroying it. I seem to recall you just keep it in a pressurized N2 atmosphere while cracking the case, and it won't even realize that it has been opened.

      --
      ZFS: because love is never having to say fsck
  2. smartcards have always been lacking by Lumpy · · Score: 5, Informative

    there is very little tamper protection on smartcards due to their flimsy construction. you cant make a rapid zeroization system on something that isn't rigid and tough enough to be driven over repeatedly by a car or take the huge amount of abuse the human carrier provides every day.

    except... dallas semiconductor long ago created the ibutton that is more secure and better than any smartcard..

    (I know I sound like a broken record, but ibuttons are way better and cooler than any smartcard, and you as a home hacker can use them!)

    --
    Do not look at laser with remaining good eye.
    1. Re:smartcards have always been lacking by pwagland · · Score: 3, Informative
      OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

      And herein lies the problem. Smart cards don't only store "dumb information". In particular, from the article (which I assume you read?):

      Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed.

      In particular, here in the Netherlands (and I believe elsewhere in Europe), you can get online access to your account (with most banks) by using your ATM card. This is accomplished since each ATM card has a smart card on the card. If you can get the secret key out of the card, then you can login to someone elses banking site. No you can't do this with the card alone, since you need to know the cards PIN to access the smart card functionality.

  3. Easy to do? by AlaskanUnderachiever · · Score: 4, Informative

    Ok, maybe everyone else on slashdot has a full clean room. I mean, it could be a possibility. But when I hear phrases like "focusing light on a single transistor" and "Wentworth Labs MP-901 manual probing station" I tend not to think of simple or easy to do. I'm not saying you couldn't hack one, I'm just asking what % of criminals are going to have access to a "manual probing station"?

    --
    Find out about my new childrens book: SS Death Camp Criminal Batallion Go To Monte Carlo For The Massacre