Malware Alert: USB Smart Readers

Monday, November 19, 2012 @ 12:11 PM gHale


Proof-of-concept malware is ready that allows attackers to gain access to and remotely control users’ USB smart card readers, said researchers at malware.lu, a Luxembourg-based malware analysis and incident response team.

There are plenty of uses for smart cards (chip cards), among which are user identification and authentication.

RELATED STORIES
New Java Attack in Exploit Kit
Malware with Terms of Service Pact
Simple Works for Malware Writers
LinkedIn Emails lead to BlackHole

Spanish and Belgian citizens already have an eID card used for identification, authentication and for digital signing. Banks issue smart cards to customers who opted for two-factor authentication when accessing their online banking service, and there are companies that give them out to employees in order for them to be able to authenticate themselves when accessing the corporate network from a remote location.

The malware works by installing on the victims’ computer a special driver that shares the USB reader over TCP/IP, while another driver on the attacker’s computer is able to translate that signal and make it look like the device is physically attached to his computer, the researchers said.

The researchers tested the malware with smart cards issued by Belgian banks and with the eID card issued by the Belgian government, and they found it works. The researchers now think it will work with other smart cards and other readers just as well.

The malware also has a keylogger component, making it possible for attackers to harvest any of the PINs or passwords used with the cards, but only if the reader does not have its own keypad.



Leave a Reply

You must be logged in to post a comment.