Forwarded From: Brian Young <byoung@oru.edu>
http://www.nytimes.com/library/tech/98/06/cyber/articles/10smartcard.html
June 10, 1998
Cryptographers Discuss Finding
Of Security Flaw in 'Smart Cards'
By PETER WAYNER
A team of San Francisco-based computer scientists has spoken for
the first time openly about their discovery of a major new technique that
allows them to break the security system in tamper-resistant "smart cards."
The technique, which monitors the cards' power consumption to break
the codes, is a possible threat for some of the new digital transaction systems
being tested in Europe and New York and makes life more complicated for
computer security experts who often rely on these tamper-resistant cards to
keep out intruders.
The results have shaken up the smart card industry. John Beric, the
head of security for Mondex International, a company that uses the cards for
financial transactions, said in an interview this week that the company had
completely rewritten its software to deal with the threat. "We've changed our
mindset," he said. "We [write software] in a different way now."
Marc Briceno, the director of the Smartcard Developer's Association,
said of the development, "It's very real."
And Peter Neumann, a scientist at the SRI International, a think tank
based in Menlo Park, Calif., said the discovery had "enormous potential as
another technique for breaking weakly designed and badly implemented devices."
[snip.. see URL for rest of article]
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sat Jun 13 12:20:02 1998