1. Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack 2018 Attacks CHES Hardware tches.iacr.org
    Gildas Avoine, Loïc Ferreira

    We describe in this paper how to perform a padding oracle attack against
    the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and
    used by transport companies, in the banking world and by mobile network operators
    (UICC/SIM cards). The attack allows an adversary to efficiently retrieve plaintext
    bytes from an encrypted data field. We provide results of our experiments done
    with 10 smart cards from six different card manufacturers, and show that, in our
    experimental setting, the attack is fully practical. Given that billions SIM cards are
    produced every year, the number of affected cards, although difficult to estimate,
    is potentially high. To the best of our knowledge, this is the first successful attack
    against SCP02.