22 May 2012

How to clone a SecurID software token

SensePost demonstrated on its blog last week how a determined attacker can bypass the protection offered by SecurID soft tokens. The secret values (the seed) can be deduced by anyone who takes control of the system (e.g. stolen hardware, malware).
Last week’s blog post by SensePost’s Behrang Fouladi demonstrated another way determined attackers could in certain cases circumvent protections built into SecurID.
By reverse engineering software used to manage the cryptographic software tokens on computers running Microsoft’s Windows operating system, he found that the secret “seed” was easy for people with control over the machines to deduce and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.
“When the above has been performed, you should have successfully cloned the victim’s software token and if they run the SecurID software token program on your computer, it will generate the exact same random numbers that are displayed on the victim’s token,” Fouladi wrote.

9 May 2012

Beware of the password managers built into web browsers

This article is a perfect example of why the (overly automated) password managers built into web browsers should be avoided.
--
The article “Abusing Password Managers with XSS” (Neohapsis Labs) is the perfect example of why we avoid using automated password submission features in web browsers (whether built-in, plugins or other tools). We somehow need to reach a balance between security and ease of use.