SERMA Safety and Security reveals a major vulnerability in the Java Card operating system
Nov 21

On November 12th, at the CARDIS conference in Germany, SERMA Safety and Security will present its research paper. This international conference brings together experts in the field of embedded security (academics, evaluators, developers, scheme representatives, etc.). The paper is the result of extensive research conducted by Jean Dubreuil, software technical manager at SERMA Safety and Security, and Guillaume Bouffard, PhD – Embedded Systems Security Researcher at ANSSI.

The paper will present the Java Card technology, which is mostly used for running applications in smart cards. To build and compile a Java Card application, an image of the Java Card Virtual Machine (JCVM) implementation is required. This image provides information about the available application programming interface (API). The paper focuses on how class inheritance is translated into the virtual machine during the compilation and loading process. SERMA Safety and Security has managed to corrupt the system in order to redefine the class hierarchy, which leads to malicious code execution.

To take part in the conference, please register here.
