Factoring RSA keys from certified smart cards

&gt; MOICA estimates that approximately 10000 cards were deployed in non-FIPS mode as a result of &quot;human error&quot;.<p>While it&#x27;s bit silly that the so called secure cards can be configured into non-secure modes, I think it&#x27;s important to note that again we have the human factor messing our nice cryptosystems. The security of the FIPS mode might be questionable too due the behaviour of the HW RNG, it should still improve the security significantly over the non-FIPS mode which was the one found broken in this analysis.

I got one for filing tax report. Is there a way for an non-expert like me to tell whether the one I have is vulnerable to attack?

Dan Goodin from Ars Technica shares more details about the paper:<p><a href="http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/" rel="nofollow">http:&#x2F;&#x2F;arstechnica.com&#x2F;security&#x2F;2013&#x2F;09&#x2F;fatal-crypto-flaw-in...</a>

I&#x27;m curious why they chose these particular cards. Cards from Gemalto seem like a more obvious choice (to me).