Aladdin Knowledge Systems' eToken is a portable USB (Universal Serial Bus) authentication device providing complete access control for digital assets. eToken stores private keys, passwords or electronic certificates in a hardware token the size of a house key. The eToken makes use of two-factor authentication: access to the public and private data within the key is granted only when the legitimate user presents both their PIN number ("what you know") and the physical USB key ("what you have").
The attack requires physical access to the device circuit board and will allow all private information to be read from the device without knowing the PIN number of the legitimate user. By using any number of low-cost, industry-standard device programmers to modify the unprotected external memory, the User PIN can be changed back to a default PIN. This will allow the attacker to successfully login to the eToken and access all public and private data. A homebrew device programmer could be built for under $10 and commercial device programmers are available from a number of companies ranging in cost from $25 to $1000.
Users must be aware that the PIN number can be bypassed and should not trust the security of the token if it is not always directly in their possession. If a legitimate user loses their USB key, all data, including the private information, needs to be considered as if compromised.
The eToken device is also not tamper-evident. It is possible to open the device housing without evidence of tampering, allowing the attacker to gain physical access to the circuit board without the legitimate user's knowledge. Epoxy encapsulation and other tamper hindering techniques should be employed in the manufacturing of such hardware devices.
The information has been provided by: Kingpin.
The legitimate user's PIN can be reset back to the default PIN by simply copying a particular 8-byte string from one area of the unprotected external memory to another. If necessary, the legitimate user's original PIN can be copied back into the external memory after the attack and no evidence of tampering will be apparent.
All data on the eToken USB key is stored in an external memory. The 8KB flavor of the eToken uses an Atmel 25640 SPI Serial EEPROM (http://www.atmel.com). Serial EEPROMs are extremely common in the engineering industry and require minimal circuitry to read and write to. They are also notoriously insecure and often do not provide any type of security features. Due to the nature of Serial EEPROMs, it is possible to attach a device programmer to the EEPROM, while it is still attached to the circuit board, and read and write at will. The described experiments were carried out using the Needham's Electronics EMP-30 (http://www.needhams.com), which costs $995, although a homebrew device programmer could be built with a handful of components for under $10. Other device programmers are available from a number of companies, ranging in cost from $25 to $1000. A schematic of our findings can be found at http://www.atstake.com/research/advisories/2000/etoken_schematic.pdf
There are two PIN numbers associated with each eToken USB key, allowing either User or Administrator access. User access has complete control of the eToken file system, while Administrator is allowed to initialize the key, but not access private data.
Both PINs, private data, and secret data are encrypted in some manner before being stored into the EEPROM. The public data is stored in plaintext and can be easily read by viewing the buffer of the Serial EEPROM.
The 8-byte strings, which determine the User and Administrator PINs, are stored at locations $10 and $18, respectively. By copying the 8-byte string stored at $20 into either of those areas, we return that PIN to its default state. The 8-byte string defining the encrypted version of the default PIN is unique for each eToken.
Initial memory dump, with User PIN set to 66666666 and Administrator PIN set to 87654321:
Once the modified buffer is programmed back into the Serial EEPROM, the attacker can login to the eToken using the default PIN and make use of the legitimate user's credentials. Our proof-of-concept tool demonstrates quick extraction of all private, public, and configuration data from the key.
The default PIN is 0xFFFFFFFFFFFFFFFF, which is 8 bytes of 0xFF, a non-printable character. To enter the default PIN on a Windows platform, hold the "Alt" key while typing "0255". Release the "Alt" key between characters. Repeat this 8 times. This sequence will enter a 0xFF character into the dialog box.
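The reason the copy works is that the 8-byte PIN string is not tied to the slot it occupies: the same blob is accepted at $10, $18 or $20, so the device cannot tell a transplanted default-PIN block from a legitimately initialized one. The following model, written for this advisory and not code from Aladdin or from the Heimlich tool, illustrates that weakness beside one design fix: mixing the slot address into the stored blob under a secret that never leaves the microcontroller. The offsets and default PIN are the advisory's; the "encryption" (HMAC-SHA256 truncated to 8 bytes), the microcontroller secret and the login check are constructed assumptions, since the eToken's real algorithm is not described here.

```python
import hashlib
import hmac

# EEPROM layout from the advisory (offsets in the 8KB Serial EEPROM image)
USER_PIN_OFFSET = 0x10     # "$10": 8-byte string for the User PIN
ADMIN_PIN_OFFSET = 0x18    # "$18": 8-byte string for the Administrator PIN
DEFAULT_PIN_OFFSET = 0x20  # "$20": 8-byte string for the default PIN
SLOT_LEN = 8
DEFAULT_PIN = b"\xff" * SLOT_LEN  # 0xFFFFFFFFFFFFFFFF, per the advisory

# Constructed stand-in for a per-device secret held inside the
# microcontroller; the advisory does not describe the real PIN encryption.
MCU_SECRET = bytes(range(32))


def encode_pin(pin, slot=None):
    """Return the 8-byte blob stored in the EEPROM for a PIN.

    slot=None models the weak layout: the blob depends only on the PIN, so
    an identical blob is valid wherever it is stored.  With the slot address
    mixed in, the blob is only valid at the offset it was written to.
    HMAC-SHA256 truncated to 8 bytes is a constructed example algorithm.
    """
    msg = pin if slot is None else bytes([slot]) + pin
    return hmac.new(MCU_SECRET, msg, hashlib.sha256).digest()[:SLOT_LEN]


class Token:
    """Minimal model of the key: an EEPROM image plus a login check."""

    def __init__(self, bind_to_slot):
        self.bind_to_slot = bind_to_slot
        self.eeprom = bytearray(8 * 1024)  # the 8KB eToken variant

    def _blob(self, pin, offset):
        return encode_pin(pin, offset if self.bind_to_slot else None)

    def write_slot(self, offset, blob):
        """Raw write, as an external device programmer would do it."""
        self.eeprom[offset:offset + SLOT_LEN] = blob

    def read_slot(self, offset):
        return bytes(self.eeprom[offset:offset + SLOT_LEN])

    def initialize(self, user_pin, admin_pin):
        self.write_slot(USER_PIN_OFFSET, self._blob(user_pin, USER_PIN_OFFSET))
        self.write_slot(ADMIN_PIN_OFFSET, self._blob(admin_pin, ADMIN_PIN_OFFSET))
        self.write_slot(DEFAULT_PIN_OFFSET, self._blob(DEFAULT_PIN, DEFAULT_PIN_OFFSET))

    def login(self, offset, pin):
        """The microcontroller recomputes the blob for this slot and compares."""
        return hmac.compare_digest(self.read_slot(offset), self._blob(pin, offset))


def slot_reset_to_default(eeprom, offset):
    """Integrity check on a dump: does a PIN slot hold a copy of the $20 block?

    On the weak layout this is exactly the state the advisory describes (and
    also the state of a freshly initialized key), so it is a useful flag when
    examining an image taken from a key that left the owner's possession.
    """
    return (bytes(eeprom[offset:offset + SLOT_LEN])
            == bytes(eeprom[DEFAULT_PIN_OFFSET:DEFAULT_PIN_OFFSET + SLOT_LEN]))


def default_pin_accepted_after_copy(bind_to_slot):
    """Set the PINs from the advisory's dump, transplant the $20 block over
    $10 as the advisory describes, and report whether the default PIN now
    logs in as User."""
    tok = Token(bind_to_slot)
    tok.initialize(b"66666666", b"87654321")
    assert tok.login(USER_PIN_OFFSET, b"66666666")       # legitimate PIN works
    assert not tok.login(USER_PIN_OFFSET, DEFAULT_PIN)   # default PIN rejected
    tok.write_slot(USER_PIN_OFFSET, tok.read_slot(DEFAULT_PIN_OFFSET))
    return tok.login(USER_PIN_OFFSET, DEFAULT_PIN)


if __name__ == "__main__":
    print("unbound slots, default PIN accepted after copy:",
          default_pin_accepted_after_copy(bind_to_slot=False))
    print("slot-bound blobs, default PIN accepted after copy:",
          default_pin_accepted_after_copy(bind_to_slot=True))
```

With unbound blobs the transplanted block is accepted; with slot-bound blobs the same write leaves the User slot holding a value that is only valid at $20, so the default PIN is rejected. Slot binding only addresses the specific copy described here and does not replace the physical controls the advisory recommends: anyone with write access to the external EEPROM can still alter or restore the image, so epoxy encapsulation and a tamper-evident housing remain the primary defence.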
The physical housing of the eToken consists of a two-piece plastic design. A combination of glue and two mechanical features hold the unit together. The mechanical features aren't externally visible, so if they are broken during disassembly, it won't be evident. Access to the circuit board can be obtained by heating the device with a heat gun or hair dryer, and carefully prying the two pieces apart using an X-acto knife and small screwdriver blade. When the attack is complete, crazy glue can be used to close the device without visible evidence of tampering. Pictures of the step-by-step operation can be found at: http://www.L0pht.com/advisories/etoken_images.html
The quick solution, although it does not remedy the core problem, is to be very aware of the physical security and location of the key at all times. The owner of the key should under no circumstances leave the key unattended or loan it to a colleague. If the key is unattended for any amount of time, the data may have been compromised, since the PIN can be bypassed with the methods described in this advisory.
A number of features could be added to the manufacturing process of the eToken to aid in tamper prevention. Because there is no reason for the circuitry to be accessed after key manufacture, encapsulating the ICs with epoxy or other material will prevent the easy manipulation that is currently possible. Enhancing the physical housing design to be tamper-evident and more difficult to open will also prevent an attacker from easily accessing the device internals without detection. These methods should be considered by all hardware vendors, since they help to raise the bar against common physical attacks.
Aladdin promptly acknowledged the security problems associated with the eToken as mentioned in this advisory. They informed us that version 3.3.3.x of their eToken is a demo and "proof-of-concept" product (which is inconsistent with the information on their web site). The following facts indicate that eToken is more than just a 'demo' or 'proof-of-concept':
1) The product has been available for 2 years.
2) We were unable to find reference to it being a "proof-of-concept" tool.
3) It has been shipped in large quantities to commercial organizations.
It is unknown whether the production version (2.3.4.x), known as eToken R2, will also be considered a demo product or whether it will address the problems mentioned herein. eToken R2 has not yet been released.
The proof-of-concept tool, known as "Heimlich", makes use of the PC/SC support of the eToken to perform the following functions:
1) Search USB ports for eToken
2) Retrieve and display configuration data for the inserted key
3) Login as User using the default PIN of 0xFFFFFFFFFFFFFFFF
4) Retrieve all public and private data and export the directory hierarchy to DOS
The tool expects that the eToken User PIN has been reset to the default state, as described in this advisory. If the User PIN is not set to default, login to the eToken will be denied.
The secret data areas are write-only and cannot be extracted using the PC/SC interface. The secret areas are used for private keys and other information that will never leave the key. Only the microprocessor on the key is allowed to have access to the secret information. However, the encrypted secret data is stored in the external Serial EEPROM and can be located in the memory dump for further analysis, if desired.