Mar 16th, 2008, 10:51 am
Ever wondered just how smart a smartcard is, from the security perspective? Obviously there are problems, as detailed in a DaniWeb blog posting last month which described how hackers can exploit hardware RFID weaknesses to access credit card account data, for example. But now a former member of the team which helped develop security for the Microsoft smartcard program, Dan Griffin, has apparently decided to go ahead and expose how to attack the smartcard middleware plug-in for Vista systems.

According to the Dark Reading security site, Griffin has developed a 'fuzzing' tool which can hack third-party vendor plug-in software that uses the Microsoft Vista smartcard mini-driver interface. What's more, he will give a proof-of-concept demonstration at the CanSecWest conference next week.

Griffin is quoted as saying that smartcards being used for access purposes come complete with Java code which allows for the writing of malicious code right onto the card itself. Using his SCardFuzz tool, he can force a heap buffer overflow attack on the vendor's smartcard plug-in, which would allow an attacker to crash the Vista machine or simply control it via known exploits.

Griffin says "You insert it into a reader on an unattended machine... And you can take out a system process and at best, make it crash, or at worst, take over that process and control it."

This blog entry was written by Davey Winder, staff writer aka happygeek. It was promoted to featured status Mar 16th, 2008.