iTnews

Malware can remotely steal smartcard PINs

By Darren Pauli on Nov 19, 2012 12:30PM
Malware can remotely steal smartcard PINs

USB authentication targeted.

A researcher has developed malware capable of remotely stealing two factor PINs generated by USB smartcards.

The malware was unique in that it used a driver to access the USB port and ship PINs stolen using a keylogger to a remote command and control server.

Author and penetration tester Paul Rascagneres (RootBSD) said the malware would work on most USB smartcards. 

"I did not test the proof of concept on all providers, but as the malware shares the USB device in raw, we do not target any specific smartcard," Rascagneres said.

"Normally it will work on every smartcard or USB device."

The use of a driver to swipe smartcard tokens was unique, Rascagneres said, because existing malware had used the Windows application programming interface to steal PINs.

"The driver is used to make the USB available over IP and to connect to a remote machine," he said.

Attackers could deliver the malware through classic vectors including malicious email attachments or exploit kits.

Users could mitigate the threat and others like it by using a hardware keypad or by monitoring latency.

Rascagneres will present a proof of concept instance of the malware at the Malcon event this month.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
2fa malcon malware poc research security smart cards

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Shut the door on ransomware
Partner Content Shut the door on ransomware

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Darren Pauli
Nov 19 2012
12:30PM
0 Comments

Related Articles

  • Police take over global Emotet infrastructure
  • Ransomware gang Ryuk thought to have pulled in US$150 million
  • FireEye, GoDaddy and Microsoft flick SolarWinds SUNBURST 'killswitch'
  • Law firm Seyfarth Shaw discloses 'aggressive malware' infection
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co saves $1m a year by powering down idle line cards

NBN Co saves $1m a year by powering down idle line cards

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.