Full Memory Read Attack on a Java Card
Source: Radboud University Nijmegen
The authors present a simple attack on a Java Card smart card that performs arbitrary memory reads. The attack uses a known technique, type confusion in the card's Java Virtual Machine, by exploiting a faulty implementation of the transaction mechanism. The type confusion lets them access the application's private metadata, reverse engineer it, and in turn gain full read and write access to arbitrary memory locations on the card. The attack gives good insight into the overall memory organisation of the card. They discuss the exploit in detail, including the exploit applet source code, to provide a reproducible attack. They also briefly discuss the usefulness of an on-card Bytecode Verifier, which the exploited card is equipped with, and deficiencies of the Java Card firewall mechanism.