Major vulnerability discovered in credit card and passport chips

Secure microchips in credit cards, passports and a number of other devices may not be as secure as once thought, after a professor and his student in the Tel Aviv University discovered a way to extract information from the chips.

Professor Avishai Wool and PhD student Yossi Oren of the School of Electrical Engineering in the Tel Aviv University developed a way to break the security defences of microchips by combining modern cryptology methods with constraint programming, a programming method for solving complex equations.

A vulnerability was discovered in the chip’s power supply which fluctuates based on the type of information on it. The duo found that these minute fluctuations could be measured with an onscilloscope and the resulting data could be analysed to unlock the otherwise secure information.

Wool admitted that this method of attack is difficult, but he also revealed that they have developed a way to block out “noise” which previously made analysing the data tougher. With the noise blocked it becomes easier to extract sensitive data from a chip as the fluctuations become more consistent and accurate.

The research was presented at the 12th Workshop on Cryptographic Hardware and Embedded Systems in Santa Barbara, California, where Wool said: “We need to think like the attackers in order to raise the bar against them.” 

He added that companies needed to know how their chips could be cracked to truly know how secure they are and what kinds of threats microchips face from determined hackers.