
Researchers Develop Cyberattack that Quickly Extracts Security Devices’ Encryption Keys

A team of European researchers developed an attack that let them steal sensitive cryptographic keys in minutes from hardened security devices, such as token fobs and electronic identification cards, that are used for purposes including network access, hard-drive encryption, and digitally signing e-mails. For example, their attack extracted a secret key from RSA’s SecurID 800 token fob in 13 minutes by exploiting a weakness in the cryptographic wrapper and converting its contents into plaintext. The exploit they developed is based on the padding oracle attack for extracting encryption keys. They said other devices are also vulnerable to their attack. Researchers from the Ca' Foscari University of Venice; the University of Birmingham; Google; and the Norwegian University of Science and Technology worked on the project under the auspices of INRIA, the French National Institute for Research in Computer Science and Control. They will present their work in August at the 32nd International Cryptology Conference in Santa Barbara, California. (Ars Technica) (A Few Thoughts on Cryptographic Engineering) (INRIA)
