About the vulnerabilities
Sesterhenn tested a number of open source smart card drivers developed by Yubico, OpenSC and the Apple Smart Card Services project.
He extended the company’s fuzzing framework and developed several tools that allowed him to test the OpenSC smart card stack, PCSC-based drivers on Linux and Winscard-based smart card drivers on Microsoft operating systems.
Most of the vulnerabilities he discovered are buffer overflows, out-of-bounds memory reads/writes, and logic bugs. Successful exploitation of some of them can lead to code execution, DoS, and authentication bypass.
The flaws can be exploited via malicious smartcards.
All of the vendors and maintainers have been informed and some fixes have already been released (for Yubico PIV, the Apple Smart Card Services components).
The vulnerable libykneomgr library (used by Yubico) won’t be updated because it’s deprecated, and OpenSC has not yet provided fixes for OpenSC and the pam-pkcs11 library, so X41 has decided to release temporary bugfixes themselves.
Sesterhenn has presented his research at this year’s edition of DEF CON in Las Vegas.