CVE-2019-15809
Description
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2019-15809 describes a timing side-channel in ECDSA signature generation on certain Athena SCS smart cards. An attacker measuring the duration of signing operations can recover the private key.
Vulnerability
CVE-2019-15809 is a timing side-channel vulnerability in ECDSA signature generation on smart cards manufactured by Athena SCS (and rebranded by other vendors). The vulnerable cards use the Atmel Toolbox 00.03.11.05, specifically the "fast" version of the ECDSA signature functions, which leaks the bit-length of the random nonce via timing [1][2]. The affected cards include Athena IDProtect (010b.0352.0005, 010e.1245.0002, 0106.0130.0401), Valid S/A IDflex V (010b.0352.0005), SafeNet eToken 4300 (010e.1245.0002), and TecSec Armored Card (010e.0264.0001, 108.0264.0001) [1]. These use the AT90SC chip from Inside Secure [3].
Exploitation
A local attacker who can obtain the required number of ECDSA signatures and measure their duration accurately can exploit this vulnerability. The attack requires a standard smart-card reader and a typical Linux laptop [1]. The attacker collects 2100 signatures on known messages for the secp256r1 curve; after collection, the private key can be recovered in a few minutes of processing on an ordinary computer using lattice techniques [1]. The total attack time, including signature collection and computation, is approximately 30 minutes [1]. The attack requires only a local attacker with physical access or the ability to interact with the card over a local interface; no privileged access is needed to initiate the signing operations [1][2].
Impact
Successful exploitation allows a local attacker to recover the full long-term ECDSA private key from the card [1][2]. This leads to complete compromise of the cryptographic identity, enabling the attacker to forge signatures, authenticate as the card's legitimate user, or decrypt any data protected by that key [2]. The impact is total loss of confidentiality, integrity, and authenticity for any system relying on the affected smart card for security.
Mitigation
The vulnerability is inherent in the Atmel Toolbox 00.03.11.05 firmware used on the affected cards [1]. As of the published date, no firmware update or patch is available. The Minerva research project recommends that affected cards use the "secure" (constant-time) version of the ECDSA functions if provided by the vendor [1]. Users should replace vulnerable cards with newer models that are not affected or switch to hardware implementing constant-time scalar multiplication [1][4]. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Athena SCS/Smart cardsdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The Atmel Toolbox 00.03.11.05's "fast" ECDSA signature function leaks the bit length of the random nonce via timing, enabling a local attacker to recover the private key through timing side-channel measurements."
Attack vector
A local attacker measures the duration of hundreds to thousands of ECDSA signing operations performed by the affected smart card. The "fast" variant of the ECDSA signature function in Atmel Toolbox 00.03.11.05 leaks the bit length of the random nonce through timing variations [ref_id=1]. By collecting enough timing measurements, the attacker can apply lattice-based techniques (the Hidden Number Problem) to compute the private key [ref_id=1]. The attacker must have local access to the card and the ability to precisely time signing operations.
Affected code
The bundle does not name specific source files or functions. The vulnerability resides in the "fast" version of the ECDSA signature generation function within Atmel Toolbox version 00.03.11.05, used on the AT90SC chip [ref_id=1]. The affected products include Athena IDProtect, Valid S/A IDflex V, SafeNet eToken 4300, and TecSec Armored Card variants [ref_id=1].
What the fix does
The advisory does not provide a specific patch, but identifies that the affected cards chose the "fast" version of the ECDSA signature function over the "secure" version available in the same Atmel Toolbox 00.03.11.05 [ref_id=1]. The recommended remediation is to use the constant-time "secure" variant of the ECDSA signing function, which does not leak the nonce bit length through timing. No published fix for the specific affected card products is documented in the bundle.
Preconditions
- networkLocal access to the smart card (e.g., via a card reader)
- inputAbility to trigger hundreds to thousands of ECDSA signing operations on the card
- inputAbility to measure the duration of each signing operation with sufficient precision
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- www.openwall.com/lists/oss-security/2019/10/02/2mitremailing-listx_refsource_MLIST
- csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/detailsmitrex_refsource_MISC
- eprint.iacr.org/2011/232.pdfmitrex_refsource_MISC
- minerva.crocs.fi.muni.czmitrex_refsource_MISC
- tches.iacr.org/index.php/TCHES/article/view/7337mitrex_refsource_MISC
- www.ssi.gouv.fr/certification_cc/bibliotheque-cryptographique-atmel-toolbox-00-03-11-05/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.