Smart Cards Vulnerable to Photo-Flash Attacks?

belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards. " Notable because its apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.

How they did it

[Boiling_point_]

The relevant part of the article:

They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.

With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.

"We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.

By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information contained in the smart card.

It's not prostitution if your karma is 50.

The simple solution....

[docbrown42]

....is to start making smart cards out of nanotubes! That way, when the hackers try to extract the data with their camera flash, the cards will explode! BOOM!

-Ed

Graphic Design, Web Design, Computer Rendering, Role-Playing Games...All the Good stuff

docbrown.net

Isn't this illegal?

[Spudley]

I thought the DCMA made this sort of research illegal?

'Cause after all, we don't want to know about serious flaws in our security systems, do we?