35. Chaos Communication Congress

Deine Spracheinstellungen wurden gespeichert. Wir bilden uns ein, hier gutes Deutsch zu schreiben, aber wenn du Probleme oder gar Fehler findest, sag uns bitte Bescheid!

In Soviet Russia Smart Card Hacks You
29.12.2018 , Clarke
Sprache: English

The classic spy movie hacking sequence: The spy inserts a magic smart card provided by the agency technicians into the enemy's computer, … the screen unlocks … What we all laughed about is possible!


Smartcards are secure and trustworthy. This is the idea smart card driver developers have in mind when developing drivers and smart card software. The work presented in this talk not only challenges, but crushes this assumption by attacking drivers using malicious smart cards.

We will present a fuzzing framework for *nix and Windows along with some interesting bugs found by auditing and fuzzing smart card drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smart card authentication.

Since smart cards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex …), YubiKey drivers, pam_p11, pam_pkc11, Apple's smartcard-services and others.