Message-ID: <D1A45C664A2CCA4FB42F834834B3E7CB0164C359@siebe001.apac.nokia.com>
Date: Mon, 21 Apr 2003 12:10:43 +0800
From: <Leonard.Ong@...ia.com>
To: <bugtraq@...urityfocus.com>
Subject: ACER Travelmate 600 and 800 series - Smartcard flawed Implementation
Background
-------------------
Acer Travelmate 600 and 800 series notebooks include a smartcard reader, two smartcards and a security application called Platinum Secure. The smartcard security system should prevent access to the console while the smartcard is not present or when the password has not been entered. However, a simple test shows that the security system can be bypassed to gain limited access.
Vulnerable systems
-------------------------------
All Travelmate 600 and 800 series notebooks that have the smartcard security system installed (Platinum Secret). This includes the latest notebooks 650XCI/LCI and the Centrino-based 800XCI, LCI. These notebooks are running the old Platinum Secret version 1.0.84. It is unknown whether the newest version 2.6.1 (available from the vendor 360Degreeweb.com) fixes the issue. The software is not available at retail and is only sold through OEM or corporate channels.
Vulnerability
--------------------
1. When the smartcard is not present and Platinum Key is enabled (preventing access without the smartcard), it is possible to access the console as follows:
a. Pressing Control-Escape multiple times gives the attacker a few seconds of the Windows Task Bar. Each press gives the attacker 1-3 seconds of console display.
b. Once the Windows Task Bar is visible, confidentiality is breached: it exposes the frequently accessed applications, the history of the Find and Run commands, and access to the Start menu.
c. It is possible to click on a frequently accessed application and run it.
2. If the host can be compromised via the network (Windows networking, Trojan, etc.) to install a certain application and somehow create a shortcut for that program that is displayed under the most frequently used applications, the attacker can press Control-Escape and click on that shortcut to run the exploit for further compromise (file server to transfer files, etc.).
3. This is made more likely by a lack of security awareness, such as leaving the desktop turned on (even locked with the smartcard) and connected to the network, or by a lack of physical security.
Vendor Response
---------------------------
Acer Singapore was advised at least three weeks ago, and they can't commit to providing any upgrade or solution for this. Hence the purpose of this advisory is to eliminate the false sense of security that notebook owners get from having two-factor security on the notebook. It also shows that the vendor is not committed to mitigating the vulnerability.
Disclaimer
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.