Smart Card Vulnerability


"Satellite Expert"
Jan 1, 2000
Reaction score
My Satellite Setup
VU+ Duo, Humax IRCI5400z, Sony Bravia KDL-32EX403, 1.1m Triax, Technomate TH-2600 DiSEqC mount, Sony BDV-E280 Home Cinema system, ancient Logik Freeview PVR.
My Location
See for full text.

Two University of Cambridge computer security researchers on Monday were to detail an ingenious and inexpensive attack that employs a $30 camera flashgun and a microscope to extract secret information contained in widely used smart cards. "This vulnerability may pose a big problem for the industry," they wrote in their paper, "Optical Fault Induction Attacks." The researchers argued that the industry would need to add countermeasures to increase the cards' security.

The key is part of a two-key system that is used to encode and decode information. Typically, after the cardholder authenticates the card by supplying a personal identification number, the private key is used to encrypt the transaction.

The researchers found that they could interrupt the operation of the smart card's microprocessor simply by exposing it to an electronic camera flashbulb. They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.

With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope. By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information.


Hmm, interesting - bank cards, I guess. Beats DPA with a car battery :D. Thanx for info.