[cryptography] Sykipot variant hijacks DoD and Windows smart cards

Steven Bellovin smb at cs.columbia.edu
Tue Jan 17 01:30:37 EST 2012


On Jan 17, 2012, at 1:16 46AM, Peter Gutmann wrote:

> Arshad Noor <arshad.noor at strongauth.com> writes:
> 
>> A good analysis of the attack:
>> 
>> http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs
> 
> Interesting that we're finally starting to see these appear in practice,
> there's been a whole string of papers on MITM'ing smart cards (mostly in
> German, and related to online banking), but this is the first one I've seen
> that goes beyond proof-of-concept.
> 
Yah.  I mentioned the possibility in a talk at least 15 years ago, but
I haven't seen one in the wild, either.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list