Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems

Presented at DEF CON 18 (2010), July 31, 2010, 1 p.m. (50 minutes).

Atmel CryptoMemory based smart cards are deemed to be some of the most secure on the market, boasting a proprietary 64-bit mutual authentication protocol, attempts counter, encrypted checksums, anti-tearing counter measures, and more. Yet none of these features are useful when the system implementation is flawed. Communications were sniffed, protocols were analyzed, configuration memory was dumped, and an elegant hardware man-in-the-middle attack was developed. From start to finish, we will show you how concepts learned from an introductory computer security class were used to bypass the security measures on a Cryptomemory based stored value smart card laundry system, with suggestions on how things can improve.

Presenters:

  • Jonathan Lee
    Jonathan Lee is a Computer Engineering student from the University of British Columbia.
  • Neil Pahl
    Neil Pahl is a recent graduate of the University of British Columbia in Electrical Engineering.

Links:

Similar Presentations: