Former Microsoft security team member will demonstrate how his new fuzzer hacks smart card plug-in
The recent wave of smart card hacks have been aimed mainly at the cardâ€™s chip and bypassing physical security, but not this latest one: A former Microsoft security team member has demonstrated an attack that compromises the smart cardâ€™s middleware plug-in for Vista machines.
Researcher Dan Griffin, who previously worked for Microsoft on its smart card program, has developed a custom fuzzing tool that hacks smart card and third-party vendorsâ€™ plug-in software that use Microsoftâ€™s Smart Card Minidriver Interface, which is built into Vista. “Iâ€™m not focusing on the smart card chip,” Griffin says. “If I just attack a few specific parts [of the middleware], it will fall over.”
Griffin says these smart cards being used for building and machine access come with Java code that allows you to write malicious code into the card. “Writing a hacker applet on the card is not that hard or far-fetched,” he says. And he stresses that itâ€™s “not Microsoft code I blow up,” but the smart card or third-party plug-in vendorâ€™s.
Griffinâ€™s custom SCardFuzz tool basically forces a heap buffer overflow attack on an unnamed vendorâ€™s smart card plug-in/middleware, allowing an attacker to crash the Vista machine or take it over, says Griffin, a security consultant with JW Secure Inc. “You insert it into a reader on an unattended machine… And you can take out a system process and at best, make it crash, or at worst, take over that process and control it.”
The tool provides the cardâ€™s plug-in with bogus and jumbled data to cause the overflow attack.
In a proof-of-concept demonstration that he will give at the upcoming CanSecWest conference, Griffin will use a live smart card and its middleware: â€œInstead of modifying the applet on the card, I instead hook one of the low-level smart card API calls. So logically, the fuzzer sites between the card and the middleware,â€ he says, explaining that this make it more visual for the demo and shows the API.
â€œIâ€™m therefore simulating what could be done by writing an evil applet and running it on the card,” he says.
He admits heâ€™s a little nervous about releasing SCardFuzz publicly, even after his CanSecWest presentation of it and other Vista Hacking tools he has previously demonstrated over the past year (encryption, firewall, and IPSec ).
“I was thinking that if someone was really interested in using it, I could provide them with the fuzzer but take out the [smart card plug-in] vendor commands,” he says.
And XP users with smart card access, beware: This type of attack isnâ€™t restricted to plug-ins that work with Vista machines. “Itâ€™s [the smart card interface] been made available down-level, so it would apply to XP as well.”
Related Posts: On this day...
- AIM is (unofficially) dead - 2012
- How a Netflix original-series deal could change TV making - 2011
- Poor countries have more piracy because media costs too much - 2011
- Blood Falls in Antarctica - 2011
- Video of NASA dropping helicopter to watch it crash - 2010
- Major Cybercrime Busts Take Place In Romania - 2009
- Exaile has everything over Amarok - 2009
- Customs Proof Your Laptop - 2008
- What is a Firewall and Why Do You Need One? - 2008