Journal in Computer Virology

, Volume 6, Issue 4, pp 343–351 | Cite as

Developing a Trojan applets in a smart card

  • Julien Iguchi-Cartigny
  • Jean-Louis Lanet
Original Paper


This paper presents a method to inject a mutable Java Card applet into a smart card. This code can on demand parse the memory in order to search for a given pattern and eliminate it. One of these key features is to bypass security checks or retrieve secret data from other applets. We evaluate the countermeasures against this attack and we show how some of them can be circumvented and we propose to combine this attack with others already known.


Virtual Machine Smart Card Secret Data Malicious Code Differential Power Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Virtual machine specification, java card platform, version 3.0, classic edition (2008).
  2. 2.
    Global Platform Specification 2.2.
  3. 3.
    Girard P., Lanet J.L.: New security issues raised by open cards. Inf. Secur. Tech. Rep. 4(1), 4–5 (1999)CrossRefGoogle Scholar
  4. 4.
    Anderson, R., Kuhn, M.: Tamper resistance: a cautionary note. In: WOEC’96: Proceedings of the 2nd conference on Proceedings of the Second USENIXWorkshop on Electronic Commerce, p. 1. USENIX Association, Berkeley (1996)Google Scholar
  5. 5.
    Bar-El H., Choukri H., Naccache D., Tunstall M., Whelan C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)CrossRefGoogle Scholar
  6. 6.
    Joint interpretation library application of attack potential to smartcards, v2.1, available at (2006)
  7. 7.
    Mostowski,W., Poll, E.: Malicious code on java card smartcards: Attacks and countermeasures. In: Proceedings of the Smart Card Research and advanced application conference (CARDIS 2008), pp. 1–16 (2008)Google Scholar
  8. 8.
    Vertanen O.: Java Type Confusion and Fault Attacks, Lecture Notes in Computer Science, vol. 4326/2006, pp. 237–251. Springer, Berlin (2006)Google Scholar
  9. 9.
    Witteman M.: Smartcard security. Inf. Secur. Bull. 8, 291–298 (2003)Google Scholar
  10. 10.
    Hyppönen, K.: Use of cryptographic codes for bytecode verification in smart card environment. Master’s thesis, University of Kuopio (2003). Available at

Copyright information

© Springer-Verlag France 2009

Authors and Affiliations

  1. 1.XLIM/DMI/SSDLimogesFrance

Personalised recommendations