Explore a groundbreaking conference talk that challenges the assumed security of smart cards and their drivers. Delve into a fuzzing framework for *nix and Windows systems, uncovering critical vulnerabilities in smart card drivers and middleware. Examine various security flaws, including stack and heap buffer overflows, double frees, and a replay attack against smart card authentication. Learn how these vulnerabilities can be exploited by unauthenticated users to gain high-level privileges. Discover the impact of these findings on popular smart card systems such as OpenSC, YubiKey drivers, pam_p11, pam_pkc11, and Apple's smartcard-services. Gain insights into the potential real-world implications of these security weaknesses, reminiscent of classic spy movie hacking sequences.
Overview
Syllabus
35C3 - In Soviet Russia Smart Card Hacks You
Taught by
media.ccc.de