Vista with smart card hacked
Former Microsoft employee Dan Griffin has developed a fuzzing tool with which he can find and exploit vulnerabilities in smart card plugin software under Windows Vista. He claims to have found vulnerabilities in the software of an unnamed smart card vendor which can be exploited to gain control of a system. He plans to demonstrate the vulnerability at CanSecWest in Vancouver at the end of March.
Using his SCardFuzz tool, Griffin claims to have written programs for smart cards which attack the vendor's plugins for Microsoft’s Smart Card Minidriver by feeding them fake and jumbled data. The programs can be written to the card using a Java applet supplied by the smart card vendor. Griffin has told US media that, “Writing a hacker applet on the card is not that hard or far-fetched.”
According to Griffin, SCardFuzz causes a heap-based buffer overflow in the unnamed vendor’s middleware/plugin for Microsoft’s smart card programming interface. This allows an attacker to crash or gain control over a Vista computer. “You insert it into a reader on an unattended machine ... And you can take out a system process and at best, make it crash, or at worst, take over that process and control it.”
The attack is apparently not limited to Vista plugins, but should also work under Windows XP.
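The report describes host-side plugin code being overrun by data that the card itself supplies. As an added illustration of the defensive side (not code from Griffin, Microsoft or the unnamed vendor), the following C sketch shows a host parser that treats a card response as untrusted and validates the card-declared length before copying to the heap. The response layout, the function name card_field_copy and the MAX_FIELD limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical response layout (an assumption, not the vendor's format):
 *   [tag:1][len:2, big-endian][value:len] ... [SW1][SW2] */
#define MAX_FIELD 256u /* largest field this host code will accept */

/* Returns a heap copy of the first field carrying want_tag and stores its
 * length in *out_len, or returns NULL if the response is malformed. */
uint8_t *card_field_copy(const uint8_t *resp, size_t resp_len,
                         uint8_t want_tag, size_t *out_len)
{
    if (resp == NULL || out_len == NULL || resp_len < 2)
        return NULL;
    size_t end = resp_len - 2; /* exclude the two status bytes */
    size_t pos = 0;
    while (end - pos >= 3) { /* a full field header must fit */
        uint8_t tag = resp[pos];
        size_t len = ((size_t)resp[pos + 1] << 8) | resp[pos + 2];
        pos += 3;
        /* The card controls len. It must fit both in the bytes actually
         * received and in the host's own limit before anything is copied. */
        if (len > end - pos || len > MAX_FIELD)
            return NULL;
        if (tag == want_tag) {
            uint8_t *buf = malloc(len ? len : 1);
            if (buf == NULL) return NULL;
            memcpy(buf, resp + pos, len);
            *out_len = len;
            return buf;
        }
        pos += len;
    }
    return NULL;
}

int main(void) {
    /* Constructed sample: the field claims 0xFFFF bytes but carries 3. */
    const uint8_t lying[] = {0x01, 0xFF, 0xFF, 'a', 'b', 'c', 0x90, 0x00};
    size_t n = 0;
    uint8_t *p = card_field_copy(lying, sizeof lying, 0x01, &n);
    printf("lying response: %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```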
- List of speakers at CanSecWest in late March