Java Card - Press Info no. 1
MAR 2019
Security Explorations discovered multiple security vulnerabilities in the reference implementation of Java Card technology [1] from Oracle, which is used in the financial, government, transportation and telecommunication sectors, among others.

According to Oracle, "Java Card technology provides a secured environment for applications that run on smart cards and other trusted devices with limited memory and processing capabilities. With close to six billion Java Card-based devices deployed each year, Java Card is already a leading software platform to run security services on smart cards and secure elements, which are chips used to protect smartphones, banking cards and government services" [2].

A total of 18 issues were successfully verified in the environment of the most recent Oracle Java Card 3.1 software from Jan 2019. One discovered issue was specific to Gemalto cards.

The discovered vulnerabilities make it possible to break the memory safety of the Java Card Virtual Machine. As a result, full access to smartcard memory could be achieved, the applet firewall could be broken or native code execution could be gained.

Security Explorations successfully demonstrated that a Java Card weakness can be used to completely compromise the environment of Gemalto [3] SIM cards such as GemXplore3G and 3G USIMERA Prime. The company devised a novel method to read the complete memory (256KB of FLASH and 384KB of ROM) of the GemXplore3G card with the use of 16-bit JCRE references. Native code execution was also demonstrated for this card regardless of the Harvard RISC architecture of the underlying Samsung CalmRISC16 processor.

On Mar 20 2019, Security Explorations sent vulnerability notices to Oracle and Gemalto containing detailed information about the discovered vulnerabilities.

Security Explorations offers comprehensive security analysis of Java based smartcards such as SIMs, banking and identity cards as part of the company's newly introduced Java Card evaluation service.