Two University of Cambridge computer security researchers planned yesterday to describe an ingenious and inexpensive attack that employs a US$30 camera flashgun and a microscope to extract secret information contained in widely used smart cards.
The newly discovered vulnerability is reason for alarm, the researchers from the British university said, because it could make it cost-effective for a criminal to steal information from the cards.
Smart cards are used for electronic identity protection, credit and debit cards and cellular phone payment and identity systems.
"This vulnerability may pose a big problem for the industry," they wrote in their paper, "Optical Fault Induction Attacks."
The researchers argued that the industry would need to add countermeasures to the cards to increase their security.
The discovery will be described on Monday evening in Oakland at an Institute of Electrical and Electronics Engineers symposium on security and privacy.
Smart cards are credit-card-like devices containing a microprocessor chip and a small amount of computer memory for storing bits of electronic data that represent money or other information that can be used to insure identity, like a code or a digitized retina scan or fingerprint.
The cards have long been promoted as the key to a cashless society as well as for identity and authorization applications. Some countries have begun using them for national identity cards, and they have recently been discussed as a way of confirming travelers' identities to speed airport security.
The Pentagon has given soldiers smart cards for online identity and physical access, and the cards are in use in the US in commercial services like the American Express Blue credit card and the Providian Smart Visa Card.
Information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed.
Typically, after the card holder authenticates the card by supplying a personal identification number, the private key is used to encrypt the transaction. For example, the card might be used to authorize a purchase or a transfer of funds, make an e-mail message private, log on to a computer network or enter a building.
Over the last decade, security researchers have repeatedly found subtle flaws in the elaborate security methods used to protect smart cards, which range from special packaging materials to mechanisms that prevent a potential attacker from gleaning information by seeing how much power the device is consuming at any one time.
The researchers, Sergei Skorobogatov and Ross Anderson, who are based at the university's Computer Laboratory, discovered the flaw after Skorobogatov found that he could interrupt the operation of the smart card's microprocessor simply by exposing it to an electronic camera flashbulb.
They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.
With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.
By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information contained in the smart card.
ROLLER-COASTER RIDE: More than five earthquakes ranging from magnitude 4.4 to 5.5 on the Richter scale shook eastern Taiwan in rapid succession yesterday afternoon Back-to-back weather fronts are forecast to hit Taiwan this week, resulting in rain across the nation in the coming days, the Central Weather Administration said yesterday, as it also warned residents in mountainous regions to be wary of landslides and rockfalls. As the first front approached, sporadic rainfall began in central and northern parts of Taiwan yesterday, the agency said, adding that rain is forecast to intensify in those regions today, while brief showers would also affect other parts of the nation. A second weather system is forecast to arrive on Thursday, bringing additional rain to the whole nation until Sunday, it
CONDITIONAL: The PRC imposes secret requirements that the funding it provides cannot be spent in states with diplomatic relations with Taiwan, Emma Reilly said China has been bribing UN officials to obtain “special benefits” and to block funding from countries that have diplomatic ties with Taiwan, a former UN employee told the British House of Commons on Tuesday. At a House of Commons Foreign Affairs Committee hearing into “international relations within the multilateral system,” former Office of the UN High Commissioner for Human Rights (OHCHR) employee Emma Reilly said in a written statement that “Beijing paid bribes to the two successive Presidents of the [UN] General Assembly” during the two-year negotiation of the Sustainable Development Goals. Another way China exercises influence within the UN Secretariat is
LANDSLIDES POSSIBLE: The agency advised the public to avoid visiting mountainous regions due to more expected aftershocks and rainfall from a series of weather fronts A series of earthquakes over the past few days were likely aftershocks of the April 3 earthquake in Hualien County, with further aftershocks to be expected for up to a year, the Central Weather Administration (CWA) said yesterday. Based on the nation’s experience after the quake on Sept. 21, 1999, more aftershocks are possible over the next six months to a year, the agency said. A total of 103 earthquakes of magnitude 4 on the local magnitude scale or higher hit Hualien County from 5:08pm on Monday to 10:27am yesterday, with 27 of them exceeding magnitude 5. They included two, of magnitude
Taiwan’s first drag queen to compete on the internationally acclaimed RuPaul’s Drag Race, Nymphia Wind (妮妃雅), was on Friday crowned the “Next Drag Superstar.” Dressed in a sparkling banana dress, Nymphia Wind swept onto the stage for the final, and stole the show. “Taiwan this is for you,” she said right after show host RuPaul announced her as the winner. “To those who feel like they don’t belong, just remember to live fearlessly and to live their truth,” she said on stage. One of the frontrunners for the past 15 episodes, the 28-year-old breezed through to the final after weeks of showcasing her unique