Hacking Printers For Fun And Profit - Now, Do You Trust Your Printer Anymore?

No ratings

Presented at t2 2010 by

Andrei Costin

t2.fi

The use of smart cards has become part of our daily routine, when cashing money out from an ATM, accessing buildings, logging in to a computer system or shopping. Often our biggest concern is what the impact will be if we lose our smart card whether it is our credit card, building access card or logon access card. Will we lose our money or it will allow unauthorised access to computer systems or buildings. However, shouldn’t we be more concerned about whether the card itself can be used to attack the backend system handling the smart card input? After all, why steal one person's money or access rights when someone could steal them all. In the past smart card security has often focused on the content stored in the card, the cryptographic implementation and the communication channels used to transfer data. When we consider the sensitivity of the data that is stored and transferred, it is quite understandable that this has received so much attention. However, it is important to consider the system as a whole and appreciate that user data can be passed deep into the business environment. This can expose sensitive systems and processes to attack with potentially significant consequences. This presentation will therefore focus on attacking sensitive backend environments through smart cards and will include details of the evolution of an attack that can be delivered through a malicious smart card. The talk will include discussion about the different components that are handling data that can be delivered by a smart card and which are therefore potentially at risk with a user with a specially crafted card.