USB Smart Card Readers for Network Access Authentication are Still Safe.
A number of online computer news sites are abuzz about a security team’s prototype malware that hijacks USB smart card readers. It seems that a research team out of Luxembourg has issues a “Proof-of-Concept” malware attack that can take over your USB smart card reader. While any malware notice is important and needs to be monitored, business may be wondering the severity of the attack and if they need to rip out their smart card infrastructure because their network access authentication is in jeopardy.
Here are my thoughts:
- This is only a proof-of-concept and not a deployed attack.
- Every piece of computer hardware and software are susceptible to malware.
- Security relies on many barriers and layers. If you’re vulnerable to one attack you probably are vulnerable to many others.
- If the computer is vulnerable to malware, then other more dangerous programs will more likely be installed like key loggers or the Zeus Trojan Horse. In that case there is probably no need to attack the smart card since these other programs are far more destructive.
Companies don’t need to rip out all their smart card readers and replace them with the expensive keypad ones. Smart card reader companies will look into the potential malware vulnerability and make whatever driver modifications necessary. IT needs to keep an eye out for any driver updates and install them.
Finally, security has many levels and points of attacks. If you are concerned about your company’s vulnerability then contact a consultant and ask for a security assessment. We list some leading companies on our site under the partners tab.