A Historical Look at Hardware Token Compromises
This presentation examines the details behind successful hardware attacks of early authentication tokens: two USB devices and one iButton device. We’ll be looking at the methods used to compromise the devices and gain access to private data stored on them without having legitimate credentials. Our attacks were based on an approach of using only common, off-the-shelf tools, yet we still succeeded in defeating the security features. Both USB devices have since been updated to prevent the attacks mentioned in this presentation. While learning from history is important to avoid repeating the same design mistakes, we’ll also look at some of the newer authentication tokens and hypothesize about potential attacks.