Security
Palm OS Password Lockout Bypass
The Palm Operating System (OS) Security application provides “system lockout” functionality in which the Palm device will not be operational until the correct password is entered. The password is also used to protect and hide records by marking them as “Private.” A backdoor exists in Palm OS which provides source and assembly level debugging of executables and the administration of databases existing on the physical device. [ continue ]
DS1991 MultiKey iButton Dictionary Attack
Dallas Semiconductor’s (now Maxim Integrated Products) iButton devices are hardware tokens deployed globally in applications such as cashless transactions, stored-value debit/electronic wallets, software copyright protection, user authentication, and access control. Each dime-sized device contains a 64-bit unique identifier and various sizes of memory storage.The DS1991 makes use of three distinct passwords to protect three secure data areas within the device. The discovered vulnerability, detailed in this advisory, potentially allows an attacker to determine the passwords used to protect these secure areas, thus gaining access to the protected data. Depending on the application, such data could include financial information, data representing monetary units, or user registration/identification information. [ continue ]
RSA SecurID Algorithm Cryptanalysis
This short paper examines several discovered statistical irregularities in functions used within the RSA Security’s SecurID algorithm: the time computation and final conversion routines. Where and how these irregularities can be mitigated by usage and policy are explored. The primary concern is the possibility to generate a complete cycle of tokencode outputs given a known secret, which is equivalent to the cloning of a token device. [ continue ]
SafeWord e.iD Palm Authenticator PIN Extraction
Secure Computing’s SafeWord is a user authentication and access control suite which uses various hardware and software token devices for the creation of dynamic, one-time passwords. The e.iD Palm Authenticator, which runs on a Palm handheld device, generates the one-time-password response. A Palm OS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user’s PIN can be determined within hours through a series of DES encrypt-and-compares. [ continue ]
Attacks on USB Hardware Token Devices
This paper presents the methods used to attempt access to private data stored in Universal Serial Bus (USB) hardware authentication tokens without having legitimate credentials. We look at the current state-of-the-art products of the commercial world. Our research is based on an approach of using only common, off-the-shelf tools, yet we still succeed in defeating the security features and gaining access to private data. We also examine other areas that may be susceptible to attack. Countermeasures and design changes that will enhance the security of such devices are proposed. [ continue ]