
Archive for March 18th, 2008


Mar18
by Arman Capili (Technical Communications)

All it took was for a University of Virginia student to finally outsmart the popular SMART cards. Karsten Nohl was reported to have successfully broken the encryption code in RFID (or radio frequency identification) chips used in smart cards.

RFID chips can be used for identifying products using radio waves. These chips act as tags that can be “read” from a certain distance, even beyond the line of sight of the RFID reader. Smart cards have been widely popular and successful, especially in Western countries. These all-in-one cards contain personal data of their users, allowing people to conduct a variety of financial and legal transactions.

Nohl tested the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. MiFare Classic is used by up to 2 billion smart cards globally. Nohl claims that the problem lies within the said card’s weak encryption, and now, he is able to duplicate a typical smart card and use it to open door locks. And all he needs is a laptop, a scanner and quite a short time before he gets to do his thing.

When asked how long the duplication process takes, Nohl said he only needs two minutes. Since smart cards use radio waves, Nohl can just pass by a person with a smart card and, with his laptop and scanner in his backpack, easily scan the card. He can do the same for a mounted reader. With enough information in his hands, he can determine the cryptographic key and produce a working, duplicate card.

Sounds very trivial? Most smart cards are used in buses and commuter trains; but if you consider the doors and locks protecting government facilities and other vital installations–now that’s BIG. Falling into the wrong hands, this security loophole can be and will surely be used in high profile heists and break-ins, seemingly straight from a James Bond movie. Companies and organizations should look closely into this development to safeguard their assets as crimes can soon be, literally, knocking on their doorstep.

 

Mar18
by Bernadette Irinco (Technical Communications)

The myriad of possibilities that hackers can exploit now seems limitless. Just recently, security researchers discovered another apparatus that is vulnerable to possible hacking, this time a heart device, The New York Times reports.

The report says it is possible to obtain wireless access to a certain cardiac device, a combination of heart defibrillator and pacemaker, and take full control of it. Both devices are used to restore the normal rhythm of the heart through electric shocks. Once in control, an unauthorized user can alter the device to shut down or even to fire electric jolts, a truly “heart-stopping” scenario.

According to Ivan Macalintal, Advanced Threats Analyst, it might be too expensive to launch such an attack because of the value of the equipment involved. This story, however, proves that no gadget is safe from hacking. A number of electronic devices and gadgets have previously been found to be vulnerable to similar attacks, from printers to digital photo frames and photocopiers. Now, even advancements in medicine are a potential avenue that bad guys can exploit.

 

Mar18
by Mayee Corpin (Technical Communications)

We’ve seen all sorts of stuff being advertised by spam, from the salacious to the more innocent. Falling into this latter category is a recent type of spammed email message that our spam traps have caught: those advertising free screensavers (as shown below).

That may not sound harmful at all, but when one clicks on the link within the message, he/she is led to a Web site that entices him/her to download a free screensaver. Here’s a screenshot of the said site:

Again, there’s no harm in that, right? Wrong.

When a user chooses to download a screensaver from those offered by the legitimate-looking site, he/she is actually downloading a malicious file onto his/her system.

The said file is detected by Trend Micro as WORM_SOCKS.D.

Information and screenshots provided by Content Security Team

 

Mar18
by Jake Soriano (Technical Communications)

Barely a week after search results of the Web sites of ZDNet Asia and TorrentReactor were found to be iFramed, two more high-traffic sites are seen to have been attacked in a similar manner, if not by the same malicious users as those behind the first.

Independent security researcher Dancho Danchev posted on his blog that the search engines of Wired.com (a technology trend site related to Wired magazine) and History.com (the History Channel’s site) have been injected with malicious code as well, serving users infected results.

The latter two Web sites also cache search results, as the previous two did. Because their search engines do not validate input, executable code is easily submitted and is automatically executed when a user accesses a cached page for a popular search keyword.

Danchev lists these other sites currently affected by this type of attack:

  • fhp.osd.mil
  • hcc.cc.gatech.edu
  • buffalo.edu
  • uninews.unimelb.edu.au
  • uvm.edu
  • jurist.law.pitt.edu
  • bushtorrent.com
  • torrentportal.com

An attack like this relies on the popularity of search terms without malicious users actually embedding iFrames on hosts.
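The caching flaw described above, as an added example that is not from the original post or from any of the affected sites: a constructed search front end (all function names are hypothetical) that caches one results page per query, shown with the raw query echoed into the page and with the query HTML-encoded on output, plus a check that flags cached pages reflecting markup.

```javascript
// Constructed sample: a search front end that caches one results page per query.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text so the browser treats it as data, never as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the raw query is echoed into the page that gets cached.
function renderUnsafe(query, hits) {
  const items = hits.map((h) => `<li>${h}</li>`).join('');
  return `<h1>Results for ${query}</h1><ul>${items}</ul>`;
}

// Hardened form: every value is encoded at the point of output.
function renderSafe(query, hits) {
  const items = hits.map((h) => `<li>${escapeHtml(h)}</li>`).join('');
  return `<h1>Results for ${escapeHtml(query)}</h1><ul>${items}</ul>`;
}

// Serve from the cache, rendering only once per distinct query.
function search(cache, render, query, hits) {
  if (!cache.has(query)) cache.set(query, render(query, hits));
  return cache.get(query);
}

// Audit: cached queries that contain markup and are reflected verbatim.
function findReflectedMarkup(cache) {
  const flagged = [];
  for (const [query, html] of cache) {
    if (/[<>]/.test(query) && html.includes(query)) flagged.push(query);
  }
  return flagged;
}

// Constructed input: a popular keyword with a harmless iframe appended.
const SAMPLE_QUERY = 'weather <iframe src="https://example.invalid/"></iframe>';
const SAMPLE_HITS = ['Five-day forecast', 'Storm warnings'];

function demo() {
  const weak = new Map();
  const hardened = new Map();
  search(weak, renderUnsafe, SAMPLE_QUERY, SAMPLE_HITS);
  search(hardened, renderSafe, SAMPLE_QUERY, SAMPLE_HITS);
  return { weakFlagged: findReflectedMarkup(weak),
           hardenedFlagged: findReflectedMarkup(hardened),
           hardenedPage: hardened.get(SAMPLE_QUERY) };
}
console.log(demo());
```

Running the audit over an existing cache also shows which stored pages need to be purged once output encoding is in place, since pages cached earlier keep serving the reflected markup.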

Trend Micro researchers are further looking into the malware involved in this attack.

 


© Copyright 2008 Trend Micro Inc. All rights reserved.