Communication with card reader encrypted?

Felix E. Klee felix.klee at inka.de
Sun Aug 26 09:48:31 CEST 2018


On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk
<dirk.gottschalk1980 at googlemail.com> wrote:
> This is a really interesting question. But, does this really matter
> got an USB device? If there is a program on your computer, which
> interceps the communication, the security of you system is already
> broken.

I am more thinking about a hardware attack. If the communication is not
encrypted, this opens another attack vector. For comparison, think about
[key loggers][1]. Putting a hardware logger somewhere between the USB
peripheral device and the computer is potentially easier and quicker
than tampering with either the peripheral device or the computer.

Background: I want to put my SCM SPR332 v2 card reader into a different
enclosure, so that it’s more portable for [use with my mobile phone][2].
The very long cable also needs to be replaced. One option is to add a
USB port to the reader so that arbitrary cables can be used. This
thought coincided with me reading about [doctored USB cables][3]. I
don’t want to be required to trust three devices: phone, reader, and now
cable

[1]: http://www.taz.de/!5307828/
[2]: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19
[3]: <https://www.heise.de/security/meldung/USBHarpoon-Gefaehrliche-USB-
Ladekabel-vorgestellt-4142285.html>



More information about the Gnupg-users mailing list