Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Proof-of-concept Malware Enables Remote Accesses To Smart Card Readers

A security researcher has developed a proof-of-concept malware capable of remotely accessing smart card readers on Windows machines.

A security researcher has developed a proof-of-concept malware capable of remotely accessing smart card readers on Windows machines.

The proof-of-concept installs a separate USB driver which allows attackers to share smart card readers over the Internet, The Register reported Tuesday. Attackers would theoretically be able to read information on any smartcards inside the reader even if they weren’t in front of the compromised Windows computer the reader is connected via USB, according to itrust Consulting, the team behind the project.

Smart CardPaul Rascagneres, a security consultant at itrust Consulting is scheduled to demonstrate the proof-of-concept at the MalCon conference in New Delhi, India on Nov. 24. The demonstration would “showcase a new kind of malware” that would transmit the information stored on the smartcard inside the compromised reader directly to a command-and-control server, according to a description of the presentation posted on the MalCon Website.

“The attacker can use the smartcard as if it is directly connected to his machine!” according to the summary.

There have been instances of malware hijacking smart card devices, but this proof-of-concept extends the attack by making the compromised smart card reader available over TCP/IP, IDG News reported. From the attacker’s perspective, the smart card reader attached to the compromised computer appears as if it attached locally to the attacker’s computer.

The Sykipot Trojan is one such malware, and it successfully hijacked smart readers on United States Department of Defense computers earlier this year, according to AlienVault’s latest At-A-Glance report released on Monday. The Defense Department used smart cards to handle authentication for restricted resources, AlienVault said.

“Sykipot successfully and effectively hijacked DoD and Windows smart cards in early 2012. As long as the card remained in the smart card reader, the attacker was able to quietly gain access to unlimited resources on secure networks,” AlienVault wrote in the report.

Some banks use smartcards to protect customers using online banking and confirm transactions. Businesses may use smartcards to authenticate remote workers onto the network. Smartcards are generally used with PIN codes or passwords as part of a two-factor authentication scheme. The PIN or password would fit “what you know” and the smartcard would fill the “something you have” criteria. itrust Consulting bundled in a key-logger into the proof-of-concept in order to intercept the PIN, password or other login credentials that may be entered on that infected machine.

itrust Consulting tested the prototype with smart cards used by Belgian banks and the Belgian electronic identity card.

As the drivers used by the prototype malware are not digitally signed, defenders can block similar attempts by looking for properly signed code. That wouldn’t stop the bad guys from stealing digital certificates, though

The proof-of-concept at the moment appears to be software-specific and works on a smart card reader running the ActiveClient software from ActiveIdentity.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...