Tag Archives: logical attack

Logical Attacks in the Java Card security landscape

Logical attacks on Java Card have been known for a long time, and they have also been a focus of a lot of academic research, which still continues today. Earlier this week at Cardis 2016, there have been two presentations on logical attacks. I will not discuss the details of the attacks that are being […]

Fiction (maybe): Who will refuse to break a secure element?

Apple is refusing to break an iPhone for the FBI. I believe that they are right to do so, but also that this position isn’t that easy to stand for everybody. So, here is a little fiction (well, I think it is fiction) about this. The iPhone is a secure device, so the best way […]

The Off-Card Bytecode Verifier is fine, thank you!

REWRITTEN on 23 Nov. 2013. A few weeks ago, a friend sent me a link to the Cardis program, with the message “A bug in the verifier?”. Looking at the program, I saw a paper entitled Manipulating frame information with an Underflow attack undetected by the Off-Card Verifier, by Thales Communications and Security. This sounded […]

About e-Smart: Java Card attacks

I was not at e-Smart this year, but here are some early reports from colleagues who attended the sessions. Over the coming days, I will comment on a few selected presentations. First, one of my favorite topics, which was covered Friday morning: attacks on the Java Card platform. There were two presentations this morning on […]

Live from #esmart: Fault attacks on Java Card 3.0

That talk, from Guillaume Barbu, an Oberthur and Telecom ParisTech Ph.D. student, really talks to me, by bringing together two of my favorite discussion topics. The main task is about combined attacks, which sounds really good. A Java Card 3.0 card has plenty of countemreasures against logical attacks Context isolation. Objects from an application can’t […]

Factories are not safe any more …

It seems that some payment terminals have been rigged with a device that collects card information and sends it “home” (somewhere in Pakistan, apparently). Now, the really interesting part is that this little addition to the device seems to have been done during their production process, apparently in China. The news still needs further confirmation […]

Adam Gowdiak strikes again

Adam Gowdiak made a name for himself in the J2ME community in 2004, by publishing at the Hack-In-The-Box conference a paper about a nice attack on a Nokia device, based on a flaw he found in the bytecode verifier used at the time. He is back in the news this summer, with an undisclosed hack […]