The goal of smart card security audit is to reveal inherent implementation vulnerabilities in physical layer of contact or contactless smartcards, card’s application layer and software used by readers/writers.
Smart card Security Audit – features:
- all ISO 15693, ISO/IEC 14443 based-cards supported with a special focus on Mifare and HID_Global
- physical layer analysis (e.g. analysis if cards use secure authentication protocols)
- application layer analysis (e.g. analysis if the application use secure hashes, digital signatures, encryption algorithms over personal data)
- architecture analysis (e.g. what information can be stored offline, which definitely not)