Sign up for our Technology Newsletter 
SecureID CRACKED?
May 31, 2012 by admin
Filed under Around The Net
Comments Off on SecureID CRACKED?
An analyst has come up with a technique that clones the secret software token that RSA’s SecurID uses to generate one-time passwords.
Sensepost senior security analyst Behrang Fouladi said that the discovery has important implications for the safekeeping of the tokens. Fouladi demonstrated another way determined attackers could circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Windows, he found that the secret “seed” was easy for people with control over the machines to locate and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.