Kobil’s smart card reader hacked using unsigned firmware
03 June, 2010
category: Contactless
H Security reports that Kobil’s smart card readers have been hacked with a Windows tool and unsigned firmware, granting thieves access to PINs and other secure data.
The Kobil readers in question have been tested by the German Federal Office for Information Security and certified as compliant with the rigorous German Signature Law (SigG).
A hacker by the name of Colibri has informed Kobil about the vulnerability and released a report that explains the procedure of the “intermediate” level hack and provides the necessary Windows tool and firmware updates.
According to H Security, the German Federal Network Agency has issued a warning about the security issue, but new firmware still hasn’t been certified.
Prof. Dr. Rainer W. Gerling of The Max Planck Society for the Advancement of Science told H Security, “This hack shows that the quality of a certification depends on the creativity and imagination of the tester. This is a fundamental problem of certifications.”
Read more here.