AES Cipher Engine Bufferoverflow in NXP JCOP 4
Posted: Fri Jan 08, 2021 11:30 am
I have discovered independently a vulnerability in the JCOP 4 smart cards I recently purchased from JavaCardOS store (J3R180) to have a bufferoverflow vulnerability in the AES cipher algorithm.
The vulnerability works by using the Cipher.update() function on the AES Cipher object and continuously updating the Cipher with more than 16592 bytes of data. This will cause an internal memory bufferoverflow to occur and incorrect output results will begin to appear in the output due to memory corruption.
I have officially communicated the discovery to NXP PSIRT team and they have acknowledge that the discovery is an old issue and the J3R180 I have received is most likely an older firmware version.
Here is the reply from NXP:
Our team confirmed that the issue was previously known and described in the Anomaly Sheet with the number as511114.
You should be able to access this sheet via your purchasing channel.
@JavaCardOS,
Please ensure that the J3R180 with AS511114 has the latest patch firmware installed to avoid such issues.
To replicate the issue, simply create or import any AES keysizes and create any AES Cipher object with AES-CBC cipher mode. Any padding mode will work. Call the update() with more than 16592 bytes of data to update and on an unpatch firmware, it will start to produce incorrect results after 16592 bytes which have been confirmed by NXP.
The vulnerability works by using the Cipher.update() function on the AES Cipher object and continuously updating the Cipher with more than 16592 bytes of data. This will cause an internal memory bufferoverflow to occur and incorrect output results will begin to appear in the output due to memory corruption.
I have officially communicated the discovery to NXP PSIRT team and they have acknowledge that the discovery is an old issue and the J3R180 I have received is most likely an older firmware version.
Here is the reply from NXP:
Our team confirmed that the issue was previously known and described in the Anomaly Sheet with the number as511114.
You should be able to access this sheet via your purchasing channel.
@JavaCardOS,
Please ensure that the J3R180 with AS511114 has the latest patch firmware installed to avoid such issues.
To replicate the issue, simply create or import any AES keysizes and create any AES Cipher object with AES-CBC cipher mode. Any padding mode will work. Call the update() with more than 16592 bytes of data to update and on an unpatch firmware, it will start to produce incorrect results after 16592 bytes which have been confirmed by NXP.