Grand Idea Studio

Attacks on USB Hardware Token Devices

 

This paper presents the methods used to attempt access to private data stored in Universal Serial Bus (USB) hardware authentication tokens without having legitimate credentials. We look at the current state-of-the-art products of the commercial world. Our research is based on an approach of using only common, off-the-shelf tools, yet we still succeed in defeating the security features and gaining access to private data. We also examine other areas that may be susceptible to attack. Countermeasures and design changes that will enhance the security of such devices are proposed.

Both USB devices have since been updated to prevent the attacks mentioned in this paper.

Paper: Attacks on and Countermeasures for USB Hardware Token Devices

Published by Reykjavik University in the Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, October 12-13, 2000, pp 35-57, ISBN 99799483-0-2.

Press

IT Security Guru

Thank flaw finders, don't jail them

IT Security Guru

When the Senate met L0pht

IT Security Guru

Legacy of the L0pht