Computer Scientists Crack RSA's Ironclad Secure ID 800 Tokens (Updated)

If you're used to seeing a device like this on a daily basis, you probably assume that it's a vital security measure to keep your employer's networks and data secure. A team of computer scientists beg to differ, however— because they've cracked the encryption it uses wide open.

Update: RSA has now explained why the situation isn't quite as bad it sounds in a blog post on their website.

Ars Techinca reports how a team of European computer scientists leveled their sights at the encryption API used in RSA's SecurID 800 token, which is often regarded by large organizations to be an incredibly secure way to store the credentials needed to access confidential data. They managed to develop an approach that requires just 13 minutes to crack the device's encryption. Ars Technica describes how it works:

If devices such as the SecurID 800 are a Fort Knox, the cryptographic wrapper is like an armored car used to protect the digital asset while it's in transit. The attack works by repeatedly exploiting a tiny weakness in the wrapper until its contents are converted into plaintext. One version of the attack uses an improved variation of a technique introduced in 1998 that works against keys using the RSA cryptographic algorithm. By subtly modifying the ciphertext thousands of times and putting each one through the import process, an attacker can gradually reveal the underlying plaintext, D. Bleichenbacher, the original scientist behind the exploit, discovered. Because the technique relies on "padding" inside the cryptographic envelope to produce clues about its contents, cryptographers call it a "padding oracle attack." Such attacks rely on so-called side-channels to see if ciphertext corresponds to a correctly padded plaintext in a targeted system.

The same attack actually also works on plenty of other devices, including electronic ID cards carried by all Estonian citizens and a number of other security tokens provided by other companies, including the Aladdin eTokenPro and iKey 2032 made by SafeNet, the CyberFlex manufactured by Gemalto, and Siemens' CardOS.

The nature of the attack does require the hacker to have physical access to the token, but if access to a system is required, that doesn't seem like a deal breaker. According to the researchers RSA is aware of the compromise and is in the process of planning a fix. In the meantime, keep your eyes on you key fob. [Project-Team Prosecco via Ars Technica]

Image by EMC