Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems

DEF CON 18

Presented by: Jonathan Lee, Neil Pahl
Date: Saturday July 31, 2010
Time: 13:00 - 13:50
Location: Royale 6-7-8
Track: Track 4

Atmel CryptoMemory based smart cards are deemed to be some of the most secure on the market, boasting a proprietary 64-bit mutual authentication protocol, attempts counter, encrypted checksums, anti-tearing counter measures, and more. Yet none of these features are useful when the system implementation is flawed.

Communications were sniffed, protocols were analyzed, configuration memory was dumped, and an elegant hardware man-in-the-middle attack was developed. From start to finish, we will show you how concepts learned from an introductory computer security class were used to bypass the security measures on a Cryptomemory based stored value smart card laundry system, with suggestions on how things can improve.

Jonathan Lee

Jonathan Lee is a Computer Engineering student from the University of British Columbia.

Neil Pahl

Neil Pahl is a recent graduate of the University of British Columbia in Electrical Engineering.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats