NPC Seal
We use cookies to ensure you get the best browsing experience. By continued use, you agree to our privacy policy and accept our use of such cookies. For further information, click FIND OUT MORE.
I AGREE FIND OUT MORE
x
advertisement
Filtered by: Scitech
SciTech

New malware hijacks USB smart cards


Researchers have created a proof-of-concept malware that threatens to give attackers control of USB smart card readers attached to an infected computer running Microsoft's Windows operating system.
 
A report on PC World said the malware installs a driver on the infected PC that allows connected USB devices to be shared over the Internet with the attacker's computer.
 
It quoted Paul Rascagneres, an IT security consultant at Luxembourg-based Itrust Consulting, as saying the attack is "almost completely transparent to the user," since it won't prevent them from using their smart card as usual.
 
But one clue to something unusual might be the blinking activity LED on the smart card reader when the card is accessed by the attacker, he said.
 
While a keylogger component steals credentials the users input through their keyboards, the attack is not likely to work with a smart card reader that has a physical keypad for entering the PIN.
 
Also, the drivers made by the researchers are not digitally signed with a valid certificate so they cannot be installed on some versions of Windows like 64-bit versions of Windows 7 - however, an attacker could sign the drivers with stolen certificates, PC World said.
 
Rascagneres is the founder and leader of malware.lu, a malware analysis and engineering project that designed the USB-sharing malware.
 
The researchers' new proof-of-concept malware shares the USB device over TCP/IP in "raw" form, while another driver installed on the attacker's computer makes it appear as if the device is attached locally.
 
Rascagneres is to showcase how the attack works at the MalCon security conference in New Delhi, India, on November 24.
 
Smart cards
 
Smart cards are most commonly for authentication and signing documents digitally. Some banks provide customers with smart cards and readers for secure authentication.
 
Also, some countries have introduced electronic ID cards that can citizens can use to authenticate and hold transactions with government websites.
 
Testing
 
The malware.lu team tested its malware prototype with the national electronic identity card (eID) used in Belgium and some smart cards used by Belgian banks.
 
Belgium's eID lets citizens conduct transactions like filing their taxes online, signing digital documents, and making complaints to police.
 
In theory, however, the researchers said the USB device sharing functionality should work with any type of smart card and USB smart card reader.  — TJD, GMA News
Tags: usb, malware, microsoft, microsoftwindows
LATEST ELEKSYON 2025 RESULTS
News
Voter's Education
Candidates
Find out your candidates' profile
Debates
Find the latest news
Stand on Issues
Find out individual candidate platforms
MyKodigo
Choose your candidates and print out your selection.
Voter's Profile
Voter Demographics
Most Popular