+2
Und wieder RSA
Behrang Fouladi demonstriert das Klonen eines RSA-Soft-Tokens.
Widespread use of smart phones by employees to perform work related activities has introduced the idea of
using these devices as an authentication token. As an example of such attempts, RSA SecureID software tokens
are available for iPhone, Nokia and the Windows platforms. Obviously, mobile phones would not be able to
provide the level of tamper-resistance that hardware tokens would, but I was interested to know how easy/hard
it could be for a potential attacker to clone RSA SecureID software tokens. I used the Windows version of the
RSA SecurID Software Token for Microsoft Windows version 4.10 for my analysis and discovered the following
issues...
using these devices as an authentication token. As an example of such attempts, RSA SecureID software tokens
are available for iPhone, Nokia and the Windows platforms. Obviously, mobile phones would not be able to
provide the level of tamper-resistance that hardware tokens would, but I was interested to know how easy/hard
it could be for a potential attacker to clone RSA SecureID software tokens. I used the Windows version of the
RSA SecurID Software Token for Microsoft Windows version 4.10 for my analysis and discovered the following
issues...
http://www.sensepost.com/blog/7045.html
(Dank an David V. für den Hinweis)
Das Problem ist weniger, wie Hersteller (an sich sehr clever) mit den begrenzten Möglichkeiten eines Einsatzgebietes umgehen.
Es sollte nur nicht der Eindruck erweckt werden, in Bezug auf IT-Sicherheit das Unmögliche möglich machen zu können.
Grüße
Richard
