Did you know?
• How many of you have Orange SIM cards?
• What applications are running on your SIM card?
• Any other apps working silently?
Slide 7
Example: SIM Tracker Applet
• Operator's goal: pushing the MMS/APN settings to a newly inserted handset
• Can also be used for investigation purposes
Slide 8
In The News…
– Oyster card: Crypto-1 (MIFARE Classic) encryption algorithm attack, 2008
– Cambridge University: EMV relay attack (2007) and no-PIN "wedge" attack (2010)
– Sykipot malware targeting US DoD smart cards, 2011-2012
Slide 9
In The News…
Slide 10
Why?
Slide 11
Why?
• 8 billion smart cards by 2014
• The “Internet of Things”
• Chip-enabled mobile payments
• Hardware backdoors
• Malware is everywhere!
Slide 12
Smart Card Firewall
Slide 13
Multi-application Smart Card Platforms
MULTOS
.NET card
JavaCard
Slide 14
.NET Smart Card
• First .NET virtual machine running on a chip
• Native support in Windows 7 and Windows Server 2008
• Used in:
– Smart-card-based corporate badges (Microsoft employee badges)
– Remote access control (US DoD and UK MOD)
Slide 15
.NET smart card overview
Slide 16
.NET smart card security model
Each application runs in its own App Domain (A, B, C), and each is covered by its own RSA signature (RSA Sig(A), RSA Sig(B), RSA Sig(C)).
Slide 17
Public Key Token
Slide 18
Code Access Security
Slide 19
Data Access Security
Slide 20
Card application development ??
Deployment & debugging ??
Communication (APDU) ??
Slide 21
Card application development (everything below ships in the vendor's SDK)
(1) The compiler compiles the program into a .NET assembly
(2) The converter plug-in converts the assembly into the card binary
(3) The card binary is signed
(4) The host application talks to the card through the communication proxy using .NET remoting
(5) The proxy talks to the card in APDUs
Slide 22
How secure is .NET card?
• Has an EAL5+ certified Infineon chip
• EAL certification is widely used in the smart card industry (EAL3 to EAL7)
• The .NET card OS is designed to achieve EAL4+
• An EAL4+ audit:
– takes 6 to 9 months and costs from the high tens of thousands to the low hundreds of thousands of pounds
– includes independent penetration testing and, in some cases, source code review
• No published vulnerabilities so far
Slide 23
Rev. Engineering For Vuln. Discovery
Slide 24
Smart Card Vuln. research
• No chip OS binary is available
• Traditional tools (debuggers, disassemblers) are useless
• No publicly available testing tools
• Secure chips have sensors, shields and encryption
• On-card bytecode/IL code verifier
.NET Card Binary layout (in file order):
• Compiler Header
• Digital signature Header
• Object counters Header
• Namespaces reference table
• Types reference table
• Methods reference table
• Fields reference table
• Blob definitions
• Type definitions
• Method definitions
• Program code (IL code)
• RSA signature
Slide 28
HIVE manipulation/fuzzing
Slide 29
Manipulating Digital Signature Header
offset  size   field name
32      20     SHA1 hash of the full assembly
52      8      Public key token
60      4      RSA modulus length (len)
64      4      RSA public exponent
68      len    RSA modulus
Slide 30
Manipulating Digital Signature Header
PBKT = Reverse(Right(SHA1(RSA_modulus), 8)), i.e. the last 8 bytes of the SHA-1 of the RSA modulus, byte-reversed.
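An added example, not the author's HiveMod tool and not vendor code, that puts the header table and the PBKT formula above into working Python. It builds a Digital Signature Header with the slide's field offsets, recomputes the token from the modulus carried in that header, and shows why a loader-side "does the token derive from the embedded key?" check defeats token spoofing: after the 8-byte token field is overwritten with another publisher's token, the token no longer matches the modulus that the signature actually verifies against. Assumptions not on the slide: the two 4-byte integer fields are little-endian, bytes 0-31 of the header are unspecified and left zero, and the "moduli" are constructed toy byte strings rather than real RSA keys.

```python
import hashlib
import struct
from typing import Optional

# Digital Signature Header layout from the slide: offsets and sizes in bytes.
OFF_HASH, LEN_HASH = 32, 20   # SHA1 hash of the full assembly
OFF_PKT, LEN_PKT = 52, 8      # public key token
OFF_MOD_LEN = 60              # RSA modulus length, 4 bytes ("len")
OFF_EXP = 64                  # RSA public exponent, 4 bytes
OFF_MOD = 68                  # RSA modulus, len bytes
# Assumption: the 4-byte integer fields are little-endian (the slide gives
# no byte order). Bytes 0-31 are not described on the slide and stay zero.
U32 = "<I"


def public_key_token(modulus: bytes) -> bytes:
    """PBKT = Reverse(Right(SHA1(RSA_modulus), 8)): last 8 SHA-1 bytes, reversed."""
    return hashlib.sha1(modulus).digest()[-8:][::-1]


def build_signature_header(modulus: bytes, exponent: int, assembly_hash: bytes,
                           token: Optional[bytes] = None) -> bytes:
    """Serialise a header; `token` defaults to the value derived from `modulus`."""
    if len(assembly_hash) != LEN_HASH:
        raise ValueError("assembly hash must be 20 bytes")
    token = public_key_token(modulus) if token is None else token
    if len(token) != LEN_PKT:
        raise ValueError("token must be 8 bytes")
    hdr = bytearray(OFF_MOD + len(modulus))
    hdr[OFF_HASH:OFF_HASH + LEN_HASH] = assembly_hash
    hdr[OFF_PKT:OFF_PKT + LEN_PKT] = token
    struct.pack_into(U32, hdr, OFF_MOD_LEN, len(modulus))
    struct.pack_into(U32, hdr, OFF_EXP, exponent)
    hdr[OFF_MOD:OFF_MOD + len(modulus)] = modulus
    return bytes(hdr)


def parse_signature_header(hdr: bytes) -> dict:
    """Extract the five fields, validating the length field before slicing."""
    if len(hdr) < OFF_MOD:
        raise ValueError("header too short for the fixed fields")
    mod_len = struct.unpack_from(U32, hdr, OFF_MOD_LEN)[0]
    if len(hdr) < OFF_MOD + mod_len:
        raise ValueError("modulus length exceeds header size")
    return {
        "assembly_hash": hdr[OFF_HASH:OFF_HASH + LEN_HASH],
        "token": hdr[OFF_PKT:OFF_PKT + LEN_PKT],
        "exponent": struct.unpack_from(U32, hdr, OFF_EXP)[0],
        "modulus": hdr[OFF_MOD:OFF_MOD + mod_len],
    }


def token_matches_key(hdr: bytes) -> bool:
    """Loader-side check: the token must derive from the modulus in the same header."""
    fields = parse_signature_header(hdr)
    return fields["token"] == public_key_token(fields["modulus"])


def spoof_token(hdr: bytes, victim_token: bytes) -> bytes:
    """Token spoofing: overwrite only the 8-byte token field, keeping the signer's key."""
    patched = bytearray(hdr)
    patched[OFF_PKT:OFF_PKT + LEN_PKT] = victim_token
    return bytes(patched)


def demo() -> dict:
    """Constructed data: toy 128-byte 'moduli' and a toy assembly hash, not real keys."""
    victim_mod = hashlib.sha256(b"victim publisher toy key").digest() * 4
    attacker_mod = hashlib.sha256(b"attacker toy key").digest() * 4
    attacker_hash = hashlib.sha1(b"attacker assembly bytes").digest()

    honest = build_signature_header(attacker_mod, 65537, attacker_hash)
    spoofed = spoof_token(honest, public_key_token(victim_mod))
    return {
        "honest_ok": token_matches_key(honest),
        "spoofed_ok": token_matches_key(spoofed),
        "spoofed_token_is_victims":
            parse_signature_header(spoofed)["token"] == public_key_token(victim_mod),
    }


if __name__ == "__main__":
    print(demo())
```

The spoofed header still verifies under the attacker's own key (the modulus and exponent are untouched), which is why a signature check alone does not catch the swap; only recomputing the token from the embedded modulus does.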
Slide 31
Old-school attack: Public Key Token Spoofing (bypassing the .NET card application firewall)
Slide 32
Attack Demo
Let's use the HiveMod tool to test this vulnerability!
Slide 33
Manual testing vs. HiveMod
• Reverse engineering the SDK: ~2 months
• Patching the binary with a hex editor: frustrating
• The modified card binary still needs to be signed
• Destroying at least 10 cards along the way: ~200 Euros
Slide 34
Real World Attack?
Actors: an employee's multi-application card (Access control app + E-Purse app), a corporate cafeteria POS terminal, and the attacker's system; the POS and the attacker's system are connected over GSM (data).
(1) Attacker plants malware in the e-purse app
(2) Employee makes a payment at the POS
(3) Access control data is exfiltrated over GSM (data) to the attacker's system
(4) If the POS has no GSM access, the stolen data is saved to the card instead
Slide 35
Fiction or Real?
Document available on the internet
Slide 36
Vendor’s Response
• "An attacker needs the administration key to be able to upload his malicious application on the card. This key is normally securely stored in an HSM or a smart-card-based controller."
Slide 37
Vendor’s Response
• "Knowledge of the Public Key Token of the targeted application is required."
Slide 38
Vendor’s Response
• "The targeted application must use private file-system storage for its data to be exposed. Therefore, internal (Application Domain) storage is immune to such attack."
byte[] key={0xaf,0x09,0x45,0x12,....};
Slide 39
More Vulnerabilities...
• Unauthorized memory read in InitializeArray():
public static void InitializeArray(Array array,RuntimeFieldHandle fldHandle);
• Result: partial memory dump
• Destroys the card (no reliable exploitation yet)
Slide 40
More Vulnerabilities...
Slide 41
Conclusions
• Don't worry!
• Check the apps' PKTs for tampering
• Use a secure card management system
• Smart card apps can be patched/updated, but the card's OS cannot!
• Smart card OSes, apps and card management software need pen tests too!
Slide 42
Closing words
• The HiveMod tool will be made available to smart card vendors and security researchers (contact [email protected])
• I'd like to thank Dr. Kostas Markantonakis for supervising my research