There are already documented cases of malware that hijacks smart card devices on the local computer and uses them through the API (application programming interface) provided by the manufacturer. However, the proof-of-concept malware developed by the team takes this attack even further and shares the USB device over TCP/IP in "raw" form, Rascagneres said. Another driver installed on the attacker's computer makes it appear as if the device is attached locally. Rascagneres is scheduled to showcase how the attack works at the MalCon security conference in New Delhi, India, on Nov.
Smart cards are used for a variety of purposes, but most commonly for authentication and signing documents digitally. Some banks provide their customers with smart cards and readers for secure authentication with their online banking systems. Some companies use smart cards to remotely authenticate employees on their corporate networks. Also, some countries have introduced electronic identity cards that can be used by citizens to authenticate and perform various operations on government websites.
Rascagneres and the team tested their malware prototype with the national electronic identity card (eID) used in Belgium and some smart cards used by Belgian banks. The Belgian eID allows citizens to file their taxes online, sign digital documents, make complaints to the police and more. However, in theory the malware's USB device sharing functionality should work with any type of smart card and USB smart card reader, the researcher said.
In most cases, smart cards are used together with PINs or passwords. The malware prototype designed by the team has a keylogger component to steal those credentials when the users input them through their keyboards. However, if the smart card reader includes a physical keypad for entering the PIN, then this type of attack won't work, Rascagneres said.
The drivers created by the researchers are not digitally signed with a valid certificate so they can't be installed on versions of Windows that require installed drivers to be signed, like 64-bit versions of Windows 7. However, a real attacker could sign the drivers with stolen certificates before distributing such malware. In addition, malware like TDL4 is known to be able to disable the driver signing policy on 64-bit versions of Windows 7 by using a boot-stage rootkit (bootkit) component that runs before the operating system is loaded.