Slashdot Mirror


Smart Cards Vulnerable to Photo-Flash Attacks?

belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards." Notable because it's apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.


  1. They should have used the iButton by swagr · · Score: 4, Informative

    It immediately destroys its internal data when forced open.
    Here's the link.

    --

    -... --- .-. . -.. ..--..
    1. Re:They should have used the iButton by egomaniac · · Score: 4, Informative

      It's easy enough to open an iButton without destroying it. I seem to recall you just keep it in a pressurized N2 atmosphere while cracking the case, and it won't even realize that it has been opened.

      --
      ZFS: because love is never having to say fsck
    2. Re:They should have used the iButton by arkanes · · Score: 5, Funny

      Yeah, because I have this pressurised N2 atmosphere sitting over here in my basement...

    3. Re:They should have used the iButton by Tackhead · · Score: 5, Funny
      > Yeah, because I have this pressurised N2 atmosphere sitting over here in my basement...

      I tried building that. I'm 70% of the way there.

  2. smartcards have always been lacking by Lumpy · · Score: 5, Informative

    There is very little tamper protection on smartcards due to their flimsy construction. You can't make a rapid zeroization system on something that isn't rigid and tough enough to be driven over repeatedly by a car or take the huge amount of abuse the human carrier provides every day.

    Except... Dallas Semiconductor long ago created the iButton, which is more secure and better than any smartcard.

    (I know I sound like a broken record, but iButtons are way better and cooler than any smartcard, and you as a home hacker can use them!)

    --
    Do not look at laser with remaining good eye.
    1. Re:smartcards have always been lacking by Jon+Peterson · · Score: 5, Interesting

      OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

      Guess what?! Criminals can read the information from a credit card using nothing more sophisticated than their eyes! Does this render credit cards an appalling security risk? No, because when it gets stolen you report it and cancel the card.

      Now, if someone figures out a way to _write_ to the smart card so people can top up sums of money or whatever, that's a problem. Also, if the smartcard stores data that's useful in itself - say your real name and address, or other bank account numbers, or what have you - then you certainly don't want that being read by someone else.

      --
      ----- .sig: file not found
    2. Re:smartcards have always been lacking by SignoffTheSourcerer · · Score: 3, Interesting

      This is really nothing new. Many microcontrollers (like those used in smartcards) are vulnerable to different attacks: clock glitches, voltage reversals/spikes, which may unlock their security features. Many of them are normally readable but are 'locked' by a fuse. This fuse may be reset by removing the UV protective coating and erasing the card as an EPROM (this will of course also destroy any data you wanted to read). There are however methods of circumventing this, like using micro-film as masks for the UV eraser, or using micro-probes to directly alter the bus. Many cards do not even have real protection, like the European pay-phone cards: all they are is a serial EPROM which is burned a bit at a time for each credit, but they're fused so if you erase them (UV-wise) they will not allow you to re-program the low area of the EPROM. But don't worry, just use some other blank card and copy it onto that.

      --
      Ordo Militum Unix.
    3. Re:smartcards have always been lacking by pwagland · · Score: 3, Informative
      > OK, so smart cards are not tamper resistant. I don't see that any attack based around stealing a smart card is anything to worry about, assuming the card itself only stores dumb information like a sum of money or an id number.

      And herein lies the problem. Smart cards don't only store "dumb information". In particular, from the article (which I assume you read?):

      > Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed.

      In particular, here in the Netherlands (and I believe elsewhere in Europe), you can get online access to your account (with most banks) by using your ATM card. This is accomplished since each ATM card has a smart card on the card. If you can get the secret key out of the card, then you can log in to someone else's banking site. No, you can't do this with the card alone, since you need to know the card's PIN to access the smart card functionality.

  3. No worries, we'll just pass more laws... by Dimensio · · Score: 5, Insightful

    All that needs to happen is for makers of smart cards to send money to Congresscritters to pass laws against smart card "circumvention devices" and have anyone making, selling or possessing a flash-based camera arrested.

    Remember, when a security technology is compromised you don't improve the technology, you outlaw anything that exposes its weakness.

    1. Re:No worries, we'll just pass more laws... by nolife · · Score: 5, Interesting

      This happened in the past with the padding of the cell phone industry. Analog mode cell phones send clear audio over the air in roughly the 868-890 MHz range. To protect the cell phone industry, the government passed a law in 1994 to prevent the sale of consumer radio scanners from receiving these frequencies. That worked for a while but many scanners were easily 'hacked' to get this region back. In 1997 the law was modified/changed to make it illegal to modify a scanner and companies had to produce scanners that were tamper proof.

      These air bands were open to public ears for decades before the cell phone industry came to life. They chose to use "plain text" audio for analog transmissions to save money with no regard for your privacy. The government stepped in to bail them out when scanning these frequencies became popular and to give the public a false sense of security so they would buy more of them and keep the cell phone industry going strong.

      It is also illegal to listen to analog cordless phones (46-49MHz/900MHz) but there is no law preventing the scanners from receiving these bands. I guess the cordless guys could not drum up enough soft money to get that through.

      --
      Bad boys rape our young girls but Violet gives willingly.
  4. Trust us, OUR cards ARE smart... by dpbsmith · · Score: 3, Funny

    "Alex Giakoumis... said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system."

    However, it is speculated that the card contains material that can obscure the flash, literally achieving "security through obscurity."

  5. So let me get this straight, by Civil_Disobedient · · Score: 5, Interesting

    Lemme see if I understand right. Reverse engineer hardware to show its inherent ineffectualness -- that's ok. Reverse engineer software to show its inherent ineffectualness -- that's illegal.

    Ok, just making sure.

  6. Easy solution: Nanotubes by MontyP · · Score: 4, Funny

    All they need to do is intertwine single wall carbon based nano tubes throughout the memory. When the camera flash hits the memory, the memory will self destruct.

    --
    There is no .sig
  7. Easy to do? by AlaskanUnderachiever · · Score: 4, Informative

    Ok, maybe everyone else on slashdot has a full clean room. I mean, it could be a possibility. But when I hear phrases like "focusing light on a single transistor" and "Wentworth Labs MP-901 manual probing station" I tend not to think of simple or easy to do. I'm not saying you couldn't hack one, I'm just asking what % of criminals are going to have access to a "manual probing station"?

    --
    Find out about my new children's book: SS Death Camp Criminal Battalion Go To Monte Carlo For The Massacre
  8. don't write the PIN on the back of your smart card by Bogatyr · · Score: 3, Insightful

    And if I'm not running an encrypted filesystem on a hard drive, and someone steals the hard drive out of that computer, they can read the data. Now I consider this article's significance to be just another reminder that physical security is important.

    (quoting from the linked article)
    "The Pentagon (news - web sites) has armed soldiers with smart cards for online identity and physical access...Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed. Typically, after the card holder authenticates the card by supplying a pin number, the private key will then be used to encrypt any sort of transaction using the card."

  9. The handyman's secret weapon by gambit3 · · Score: 4, Funny

    > "We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.

    No matter how high tech, there's no experiment that can't be improved with duct tape.

  10. physical card access by krokodil · · Score: 3, Insightful
    > The vulnerability would make it possible for a criminal to find the secret information stored in the card, steal the user's cellphone identity and make free phone calls.

    To do this he needs first to get physical access to the card, which is inside the phone (usually under the battery). Having access to the phone usually allows him to make calls anyway, without a complex card-reading procedure.

  11. it's sad this springs to mind. by BreakWindows · · Score: 5, Funny

    > A team of researchers from I.B.M.'s Thomas J. Watson Laboratory in Yorktown Heights, N.Y., said they would present a report at the conference based on their discovery ...

    Dmitri called. He said if you see any guys in cheap suits applauding on stage right, exit stage left.

  12. That's what they're calling it these days, eh? by soulcuttr · · Score: 3, Funny

    From what little I know, any criminal who has been to jail has had access to a "manual probing station". IANAC (I Am Not A Criminal), but I think it's located in the showers.

    -Sou|cuttr

  13. We fixed it, but we can't tell you how! by tweakt · · Score: 3, Insightful
    > "He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards."

    If it's secure, but only because no one knows how it works, then it's inherently *NOT* secure. When will they learn?

    OBSCURITY IS NOT SECURITY

    *sigh*

    1. Re:We fixed it, but we can't tell you how! by Alsee · · Score: 3, Insightful

      > OBSCURITY IS NOT SECURITY

      Once again, someone taking a piece of truth and misapplying it.

      Obscurity is an excellent additional layer of defence.

      An example: Take any well known strong encryption, say Triple-DES. Thousands of people have spent thousands of hours studying it and analyzed the best attacks against it. I guarantee some organizations have built special hardware to crack it. They grab a message, feed it into the NSA ultra-parallel computer and *BING* 24 hours later an answer pops out.

      Now, let's say I use Triple-DES but then I add a piece of crap insecure custom encryption on top. Heck, even a ROT-13 layer would cause dedicated hardware to barf. Now the million man-hours of Triple-DES research and your billion-dollar supercomputer are completely useless until someone invests the time to crack my personal encryption layer. It doesn't matter if the "obscure" layer is insecure. If a million people use a million obscure custom encryptions, the time you invest breaking one does you no good when you get to the next.

      Security through obscurity is only flawed when it is your primary line of defense.

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  14. Um by scrytch · · Score: 3, Insightful

    If someone grabs your smartcard, why wouldn't they just *use* it? Or call the credit card company, tell them they're you, pass their rigorous security screening questions like asking for your social security number, and get a new card. Social engineering is a lot easier than tunnelling a flash with a microscope.

    Jesus ... it's a *key*. That's why you keep keys safe. Someone grabs my keys (those little jangly jagged metal things), they can use them, and if they have key duplicating equipment, they can duplicate my keys. Big deal.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.