Penetration Testing mailing list archives
Re: Questions on GSM Penetration test
From: Wouter Slegers <wouter () yourcreativesolutions nl>
Date: Thu, 31 Jan 2002 15:54:25 +0100
On Sun, Jan 27, 2002 at 10:00:25PM +0100, Tom Buelens wrote:
What would you mean by "peal off"? Would that be some kind of physical tampering? Most smart cards often have some kind of "Tamper Resistant Sealing". Also if you try to peal of the adhesive coating, you will most probably break the delicate fuse wire which most Smart Card companies run in that adhesive coating, thereby making the whole smart-card completely useless."The Netherlands Organisation for Applied Scientific Research" has the tools for 'pealing' of the chip layer by layer (thus not the card).
They are BTW very good at what they do.
Again I do not know the exact technology they use but it is not just your ordenary knive and skrewdriver.
Some of these attacks can be done with standard tools available in a university lab, see Markus Kuhn at al in <URL:http://www.cl.cam.ac.uk/ Research/Security/tamper/>. IBM has very interesting research on defense. For non-invasive techniques, look for side-channel attacks in cryptography such as the power analysis attackt (DPA, SPA etc).
More like elektron microscope and the likes. And I do not think they are the only ones on the planet who can.
No, they are not the only ones. Reverse engineering of semiconductors is common and has a legitimate role in quality control, research and search for patent infringements. To get an idea of the proliferation of this kind of work, just take a look at the doodles found in chips in the Silicon Zoo <URL:http://micro.magnet. fsu.edu/creatures/> and imagine how many chips need to be looked at in that kind of detail to make a collection that large.
Tom, if what you are saying is correct, people can make large amounts of money, just copying smart cards with applications like "Pre Paid Telephone Cards", "Electronic Purses" etc.
Labs like these are not cheap :-) Even so, a smart (no pun intended) implementer of a system with smartcards makes sure that the compromise of a few of them does not make the whole system insecure, for example by changing the cryptographic keys every batch of X-thousand cards. You're looking to make the costs of cracking one and making the counterfeits too high to make a decent profit (the badguys are in it for the money too). VISA has an extensive model for calculating the costs for an attacker, for just this purpose. Balancing this against the additional costs of the security (remember, this is a bulk, low-profit-per-unit market) is non-trivial. With kind regards, Wouter Slegers -- Wouter Slegers Your Creative Solutions "Security solutions you can trust and verify."
Attachment:
_bin
Description:
Current thread:
- Detecting if SecureIIS from Eeye is installed Sacha Faust (Jan 22)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 25)
- Re: Questions on GSM Penetration test M Lister (Jan 26)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- Re: Questions on GSM Penetration test M Lister (Jan 27)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- RE: Questions on GSM Penetration test Fernando Cardoso (Jan 28)
- Re: Questions on GSM Penetration test Wouter Slegers (Jan 31)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Re: Questions on GSM Penetration test Martin Tomasek (Jan 27)
- Re: Questions on GSM Penetration test John Adams (Jan 28)
- Message not available
- Re: Questions on GSM Penetration test Emmanuel Gadaix (Jan 27)