[cryptography] Smart card with external pinpad

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Aug 19 03:39:49 EDT 2011


Bob Lloyd <boblloyd8000 at yahoo.com> writes:

>Has anyone performed an analysis of the security of any of the available
>smart card reader/external pin pad solutions?  Are they effective at keeping
>the pin from being accessible at the host to which the reader is connected?
>Does anyone have any concerns about the security of these products?  If you
>were to test the security of such a solution, any suggestions as to what
>you'd look for or would be concerned about?

They keep the PIN from the host because it's communicated directly from the
reader to the card.  OTOH the security, in the cases where I've looked at
them, is pretty bad: both the cards and the readers are horribly vulnerable to
malformed-data attacks.  In fact the biggest challenge when... investigating
them is to avoid bricking the card and/or reader, because it's so easy to do
via out-of-spec messages.  In addition many of the implementations are
horribly buggy so you have to send malformed packets to them to get them to
work (except if they're malformed the wrong way then you brick the card, which
is why you start with a stack of cards on the assumption that you'll brick
half of them as you're trying to figure out the messaging protocol).  I've
been told by people who have worked on them that significant chunks of
proprietary vendor drivers on the host are devoted to working around all the
implementation bugs in cards and readers.  If there's anyone who's worked on
reverse-engineering card protocols for something like OpenSC they should be
able to provide further info.

Peter.


