Background
-------------------
Acer Travelmate 600 and 800 series notebooks include a smartcard reader, two smartcards and a security application called Platinum Secure. The smartcard security system should prevent access to the console while the smartcard is not present or when the password has not been entered. However, a simple test shows that the security system can be bypassed to gain limited access.

Vulnerable systems
-------------------------------
All Travelmate 600 and 800 series notebooks that have the smartcard security system (Platinum Secret) installed. This includes the latest notebooks 650XCI/LCI and the Centrino-based 800XCI,LCI. These notebooks are running the old Platinum Secret version 1.0.84. It is unknown whether the newest version 2.6.1 (available from the vendor, 360Degreeweb.com) fixes the issue. The software is not available at retail and is only sold through OEM or corporate channels.

Vulnerability
--------------------
1. When the smartcard is not present and Platinum Key is enabled (prevent access without smartcard), it is possible to access the console by:
   a. Pressing Control-Escape multiple times. This gives the attacker a few seconds of the Windows Task Bar; each press gives the attacker 1-3 seconds of console display.
   b. Once the Windows Task Bar is visible, confidentiality is breached: it exposes frequently accessed applications, the history of the Find and Run commands, and access to the Start menu.
   c. It is possible to click on a frequently accessed application and run it.
2. If the host can be compromised via the network (Windows networking, Trojan, etc.) to install a certain application and somehow create a shortcut for that program that is displayed under the most frequently used applications, the attacker can press Control-Escape and click on that shortcut to run the exploit for further compromise (file server to transfer files, etc.).
3. This is made further possible by a lack of security awareness, such as leaving the desktop turned on (even locked with the smartcard) and connected to the network, or by a lack of physical security.

Vendor Response
---------------------------
Acer Singapore was advised at least three weeks ago, and they can't commit to providing any upgrade or solution for this. Hence the purpose of this advisory is to eliminate the false sense of security that notebook owners get from having two-factor security on the notebook. It also shows that the vendor is not committed to mitigating the vulnerability.

Disclaimer
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.