Smart card reader security

Werner Koch wk at
Fri Oct 18 10:13:03 CEST 2013

On Thu, 17 Oct 2013 17:55, christian.weinz at said:

> I bought a cyberJack go [1] to use it with my openPGP smart card for
> authentification. Since the firmware of that device is upgradeable and
> is capable of saving atleast 2 GB of data, how can I be sure it is not a

This is not just a reader but an identification token with lots of
embedded and upgradable software.  It has already been shown that such
smart cards readers are fun to play with.  IIRC, there have been
demonstrations turning the doctors health card terminals and PIN+chip
terminals into space invaders consoles.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list