Another example is when the smartcard attacker invests a huge amount of money to reverse engineer a pay-TV access card. Then he disassembles the internal code from the card, learning everything that happens during authorisation and operation. Very likely he would be able to find vulnerabilities which give unlimited access to the subscription channels, for example, by applying a power glitch at just the right moment to cause a malfunction of the CPU. Once he succeeded he could either offer the subscription service at a very competitive price, or sell equipment for counterfeiting the card to malicious people. Obviously such an attacker needs to invest some capital to do this. But once he launches a pirate device on the market, it will be attacked by others.

Comments are closed.