Amphi H of Ensimag
7 January 2009 - 13h30
Code Injection in Smart Cards
by Jean-Louis Lanet from Université de Limoges XLIM
Abstract: Presentation of Embedded System (In)Security Workshop
We present a method to create a hostile, ill-formed applet in Java Card if an attacker has the rights to download applets onto the smart card and the card has no bytecode verifier. For this we use two weaknesses in the Java Card specifications 3.0 (the Classic Edition): one about static fields not checked by the firewall under certain conditions, and another about the on-board linking process. Once downloaded, our malicious applet is able to search for patterns in other applets (even if they are not in the same package and we have no rights on them) and replace bytecodes to bypass important security checks.