Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

RSA SecurID software token cloning: a new how-to

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 May 2012 01:39:25 -0500 (CDT)
http://arstechnica.com/security/2012/05/rsa-securid-software-token-cloning-attack/

by Dan Goodin
Ars Technica
May 21 2012
A researcher has devised a method attackers with control over a victim's computer can use to clone the secret software token that RSA's SecurID uses to generate one-time passwords.
The technique, described on Thursday by a senior security analyst at a firm called SensePost, has important implications for the safekeeping of the tokens. An estimated 40 million people use these to access confidential data belonging to government agencies, military contractors, and corporations. Scrutiny of the widely used two-factor authentication system has grown since last year, when RSA revealed that intruders on its networks stole sensitive SecurID information that could be used to reduce its security. Defense contractor Lockheed Martin later confirmed that a separate attack on its systems was aided by the theft of the RSA data.
Last week's blog post by SensePost's Behrang Fouladi demonstrated another way determined attackers could in certain cases circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Microsoft's Windows operating system, he found that the secret "seed" was easy for people with control over the machines to deduce and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.
"When the above has been performed, you should have successfully cloned the victim's software token and if they run the SecurID software token program on your computer, it will generate the exact same random numbers that are displayed on the victim's token," Fouladi wrote. 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: