Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Proof-of-concept Malware Enables Remote Accesses To Smart Card Readers

A security researcher has developed a proof-of-concept malware capable of remotely accessing smart card readers on Windows machines.

A security researcher has developed a proof-of-concept malware capable of remotely accessing smart card readers on Windows machines.

The proof-of-concept installs a separate USB driver which allows attackers to share smart card readers over the Internet, The Register reported Tuesday. Attackers would theoretically be able to read information on any smartcards inside the reader even if they weren’t in front of the compromised Windows computer the reader is connected via USB, according to itrust Consulting, the team behind the project.

Smart CardPaul Rascagneres, a security consultant at itrust Consulting is scheduled to demonstrate the proof-of-concept at the MalCon conference in New Delhi, India on Nov. 24. The demonstration would “showcase a new kind of malware” that would transmit the information stored on the smartcard inside the compromised reader directly to a command-and-control server, according to a description of the presentation posted on the MalCon Website.

“The attacker can use the smartcard as if it is directly connected to his machine!” according to the summary.

There have been instances of malware hijacking smart card devices, but this proof-of-concept extends the attack by making the compromised smart card reader available over TCP/IP, IDG News reported. From the attacker’s perspective, the smart card reader attached to the compromised computer appears as if it attached locally to the attacker’s computer.

The Sykipot Trojan is one such malware, and it successfully hijacked smart readers on United States Department of Defense computers earlier this year, according to AlienVault’s latest At-A-Glance report released on Monday. The Defense Department used smart cards to handle authentication for restricted resources, AlienVault said.

“Sykipot successfully and effectively hijacked DoD and Windows smart cards in early 2012. As long as the card remained in the smart card reader, the attacker was able to quietly gain access to unlimited resources on secure networks,” AlienVault wrote in the report.

Some banks use smartcards to protect customers using online banking and confirm transactions. Businesses may use smartcards to authenticate remote workers onto the network. Smartcards are generally used with PIN codes or passwords as part of a two-factor authentication scheme. The PIN or password would fit “what you know” and the smartcard would fill the “something you have” criteria. itrust Consulting bundled in a key-logger into the proof-of-concept in order to intercept the PIN, password or other login credentials that may be entered on that infected machine.

itrust Consulting tested the prototype with smart cards used by Belgian banks and the Belgian electronic identity card.

Advertisement. Scroll to continue reading.

As the drivers used by the prototype malware are not digitally signed, defenders can block similar attempts by looking for properly signed code. That wouldn’t stop the bad guys from stealing digital certificates, though

The proof-of-concept at the moment appears to be software-specific and works on a smart card reader running the ActiveClient software from ActiveIdentity.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.