If you think that having a USB token smartcard is extremely secure for digital signatures or other activities, you may be wrong! Research by Paul Rascagneres shows that malware can give an attacker remote access to a victim's smartcard!
What makes the attack unique is that it uses a keylogger to get the PIN or password, exports the complete USB device in raw form to a command and control (C&C) server, and uses a device driver to let the attacker use the victim's smartcard remotely!
The attack also impacts the eID (Belgian identity card) and the millions of USB tokens used for digital signatures in India by Directors, Secretaries and CA firms for filing returns and signing corporate documents!
The attack is to be showcased at MalCon next month, and we asked Paul a few questions:
Does the malware infect the PC or the smartcard?
- The malware infects the PC, not the hardware.
So the attacker can use the smartcard of the victim remotely?
- Exactly, the attacker can remotely use a smartcard connected to an infected computer.
What makes this attack unique?
- The attack is unique because I have never seen a sample that exports a USB device in raw to a C&C (some malware uses the smartcard API but never exports the device).
What kinds of smartcards can be targeted using this approach? Can you list the most popular ones across the world?
- The malware works on every USB smartcard.
Are any smart card devices used by companies like RSA affected?
- If RSA uses a smartcard connected via USB, the malware may work.
You can meet Paul Rascagneres in person when he visits India to demonstrate the research live at the International Malware Conference, MalCon, on 24th November in New Delhi!