Full Report
Today's smart cards, such as banking cards and smart corporate badges, are capable of running multiple tiny applications, which are often written in high-level programming languages like Java or Microsoft .NET and compiled into small card-resident binaries. It is a critical security requirement to isolate the execution context and data storage of these applications in order to protect them from unauthorized access by other, malicious card applications. To satisfy this requirement, multi-application smart cards implement an "Application Firewall" concept in their operating system, which creates an execution sandbox for card applications.
Analysis Summary
This summary is based on the provided context, which describes a presentation revealing vulnerabilities in the Application Firewall mechanism of .NET smart card operating systems. Since the provided text is a *description* of a talk rather than a detailed security advisory containing specific CVEs, severity scores, or patch details, the summary reflects only the information *mentioned* or *implied* by that context.
# Vulnerability: Application Firewall Bypass in .NET Smart Card OS
## CVE Details
- CVE ID: N/A (Specific CVEs not detailed in the summary text)
- CVSS Score: N/A (Severity not explicitly scored in the summary text)
- CWE: N/A (Specific weakness type not detailed in the summary text, implied Sandbox Evasion)
## Affected Systems
- Products: Smart cards utilizing a .NET-based Operating System implementing an "Application Firewall" concept for multi-application isolation.
- Versions: Specific vulnerable versions are not listed.
- Configurations: Cards hosting multiple applications where execution isolation via the Application Firewall is critical.
## Vulnerability Description
Smart card operating systems use an "Application Firewall" concept to sandbox applications written in languages like Java or .NET, ensuring that execution contexts and data storage are isolated. The vulnerability demonstrated allows an attacker to bypass this mandatory execution-isolation sandbox, potentially allowing one malicious card application to access the resources or execution space of another, legitimate application. The presentation highlighted the exploitation of a "**public key token spoofing**" vulnerability.
## Exploitation
- Status: PoC available (demonstrated at 44Con using the HiveMod tool)
- Complexity: Implied Medium to High (requires specialized tools such as HiveMod and an understanding of the card OS)
- Attack Vector: Physical (involves direct interaction with the smart card)
## Impact
- Confidentiality: High (Unauthorized access to protected application data)
- Integrity: High (Potential to manipulate execution or data belonging to other applications)
- Availability: Medium (Potential to disrupt legitimate application execution)
## Remediation
### Patches
- Specific patch information or fixed versions are not provided in the article context. Remediation relies on updates from the smart card OS vendor.
### Workarounds
- No specific workarounds were mentioned in the provided summary text. Security hardening by the card ecosystem supplier would be necessary.
## Detection
- Detection mechanisms were not detailed in the provided summary text. Detection would likely involve monitoring card OS integrity checks or specific communication patterns indicative of the "public key token spoofing" used during the bypass.
## References
- SensePost 44Con talk materials (link inferred from the context and presentation topic; no URL is given in the source text)