In Soviet Russia Smartcard Hacks You

Presented at DEF CON 26 (2018), Aug. 11, 2018, 1 p.m. (20 minutes).

The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards.

A fuzzing framework for *nix and Windows is presented along with some interesting bugs found by auditing and fuzzing smartcard drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smartcard authentication.

Since smartcards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the authors research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex,...), YubiKey drivers, pam_p11, pam_pkc11, Apple smartcardservices...


Presenters:

  • Eric Sesterhenn - Principal Security Consultant at X41, D-Sec GmbH
    Eric Sesterhenn is working as an IT Security consultant for more than 15 years, working mostly in the areas of source code auditing and penetration testing. His experience in the field includes:

Links:

Similar Presentations: