Researchers recently revealed an attack called Minerva which will allow hackers to obtain private keys for signing encryption operations. After obtaining the private key, the hacker can clone the encrypted smart card and decrypt the encrypted data in the open-source encryption library.
The researchers pointed out that there are problems with the ECDSA and EdDSA algorithms used to sign cryptographic operations in the Atmel Toolbox crypto library. After the attacker has recorded enough signed cryptographic operations, the attacker can calculate a private encryption key that signs these operations. The Minerva attack will affect Athena IDProtect smart cards manufactured before 2015 with the Inside Secure AT90SC chip and using the Atmel Toolbox 00.03.11.05 encryption library. The smart card can be used as an access card, shopping/gift card, bus card or medical insurance card. In addition, the smart cards of Valid, SafeNet and TecSec may also be affected.
Experts say that it is easier to obtain an encryption key by attacking the encryption library than attacking a smart card. Therefore, it is more urgent to update the affected open-source password database.