We performed some experiments on the low-level APDU protocols of several smartcards and authentication tokens. Results include sensitive cryptographic keys in the clear, PINs in the clear or easily reversible, stateless protocols that allow easy injection of commands and restrictions on key use enforced at the PKCS#11 (driver) level that are trivially bypassed at the APDU level.
Our findings will be presented in September at the 19th International Symposium on Research in Attacks, Intrusions and Defenses – RAID 2016 (a preprint of the paper is available here).
We have published a summary of the paper.