Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges.
“A lot of attacks against smart cards have been performed in the past but not much work has focused on hacking the driver side of the smart card stack [the piece of software that interacts with chip cards when a card is inserted into reader]. Smartcard drivers present a very interesting target from the attackers point of view since they contain multiple parsers and usually run with high privileges (e.g. root on linux systems),” Sesterhenn pointed out.
Leave a reply