POC Malware Wins Control Over USB Smartcards
A research team from IT security consultancy Itrust has created proof-of-concept malware that lets attackers gain control, over the internet, of smartcard readers attached to infected Windows PCs, as published by itpro.co.uk on November 20, 2012.
Notably, smart cards are generally used as hardware-based authentication devices for logging in to VPNs, banking and financial portals, and corporate networks, and for signing documents electronically. They have conventionally been considered one of the safer ways of securing remote access, but the latest proof-of-concept shows that idea the door. The attack happens when a smartcard reader is connected to the infected computer via USB (Universal Serial Bus).
Paul Rascagneres, a security consultant at Itrust consulting, describes the working mechanism of the malware as follows: the malware infects Windows machines with a particular driver that makes the USB device visible to a remote attacker. The perpetrator is able to use the device as if it were local to their own machine, and with it anyone can gain corporate access. As an additional tool, the Windows malware also installs a keylogger to capture the log-in credentials that a user needs in combination with the smart card, according to a statement published by infosecurity-magazine.com in the 3rd week of November 2012.
Unfortunately, the legitimate user would have no idea that the smart card or machine has been compromised. The only telltale sign is an easily missed blinking on the card when the attackers take control.
Rascagneres says his team tested the proof-of-concept only against Belgian national electronic identity cards and smart cards used by some banks in that country, but he says that, in theory, the exploit should work against almost any smart card model.
Interestingly, the drivers created by the researchers are not digitally signed, which is one way the attack might be detected. However, attackers might be able to evade detection either by using stolen digital certificates or by using malware (the TDL4 rootkit) that can disable the driver-signing policy on 64-bit versions of Windows 7.
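The detection hint above, that the researchers' driver carries no digital signature, can be checked from PowerShell on a suspect machine. This is an added example, not code from Itrust or from the original article; the function name Get-UnsignedRunningDriver is hypothetical.

```powershell
# Added example: list running kernel drivers whose image file does not carry
# a valid Authenticode signature. Run from an elevated prompt.
function Get-UnsignedRunningDriver {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
        ForEach-Object {
            # PathName can carry an NT-style prefix; normalise it to a Win32 path.
            $path = $_.PathName
            if ($path) {
                $path = $path -replace '^\\\?\?\\', ''
                $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            }

            # A running driver with no file on disk is itself worth a look.
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $_.PathName
                    Status = 'FileNotFound'
                    Signer = $null
                }
                return   # next driver
            }

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $path
                    Status = $sig.Status          # e.g. NotSigned, HashMismatch
                    Signer = $sig.SignerCertificate.Subject
                }
            }
        }
}

# Older PowerShell versions that do not consult catalog signatures can report
# in-box drivers as NotSigned, so treat every row as a lead to investigate.
Get-UnsignedRunningDriver | Sort-Object Status, Name | Format-Table -AutoSize
```

A driver signed with a stolen certificate reports as Valid, and a rootkit that disables the driver-signing policy may also hide itself from this enumeration, so the check covers only the unsigned case.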
Further, a complete account of the development of the prototype and the danger that this type of malware presents will be given in a presentation by Rascagneres, entitled "Smartcards Reloaded-Remotely!", at the upcoming Malcon security conference in New Delhi (India) on 24 November, 2012.
» SPAMfighter News - 29-11-2012