Attacks on USB Hardware Token Devices
This paper presents methods for attempting to access private data stored in Universal Serial Bus (USB) hardware authentication tokens without legitimate credentials. We examine current state-of-the-art commercial products. Our approach uses only common, off-the-shelf tools, yet we still succeed in defeating the security features and gaining access to private data. We also examine other areas that may be susceptible to attack, and propose countermeasures and design changes that will enhance the security of such devices.
Both USB devices have since been updated to prevent the attacks mentioned in this paper.
Published by Reykjavik University in the Proceedings of the Fifth Nordic Workshop on Secure IT Systems, Reykjavik, Iceland, October 12-13, 2000, pp. 35-57, ISBN 99799483-0-2.