If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Smartcards are secure and trustworthy. This is the idea smart card driver developers have in mind when developing drivers and smart card software. The work presented in this talk not only challenges, but crushes this assumption by attacking drivers using malicious smart cards.
We will present a fuzzing framework for *nix and Windows along with some interesting bugs found by auditing and fuzzing smart card drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smart card authentication.
Since smart cards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex …), YubiKey drivers, pam_p11, pam_pkc11, Apple's smartcard-services and others.