When Your Smart ID Card Reader Comes With Malware

Source

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example. A sample Common Access Card (CAC). Image: Cac.mil. KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to [...]