COMMAND
Aladdin
SYSTEMS AFFECTED
Aladdin eToken USB Key 3.3.3.x
PROBLEM
The following is based on the L0pht Research Labs Security Advisory.
Aladdin Knowledge Systems' eToken is a portable USB (Universal
Serial Bus) authentication device providing complete access
control for digital assets. eToken stores private keys, passwords
or electronic certificates in a hardware token the size of a house
key. The eToken makes use of two-factor authentication. Using
the legitimate user's PIN number ("what you know") and the
physical USB key ("what you have"), access to the public and
private data within the key will be granted.
The attack requires physical access to the device circuit board
and will allow all private information to be read from the device
without knowing the PIN number of the legitimate user. By using
any number of low-cost, industry-standard device programmers to
modify the unprotected external memory, the User PIN can be
changed back to a default PIN. This will allow the attacker to
successfully log in to the eToken and access all public and private
data. A homebrew device programmer could be built for under $10
and commercial device programmers are available from a number of
companies ranging in cost from $25 to $1000.
Users must be aware that the PIN number can be bypassed and should
not trust the security of the token if it is not always directly
in their possession. If a legitimate user loses their USB key,
all data, including the private information, needs to be
considered to have been compromised. The eToken device is also
not tamper-evident. It is possible to open the device housing
without evidence of tampering, allowing the attacker to gain
physical access to the circuit board without the legitimate user's
knowledge. Epoxy encapsulation and other tamper hindering
techniques should be employed in the manufacturing of such
hardware devices.
The legitimate user's PIN can be reset back to the default PIN by
simply copying a particular 8-byte string from one area of the
unprotected external memory to another. If necessary, the
legitimate user's original PIN can be copied back into the
external memory after the attack and no evidence of tampering will
be apparent.
All data on the eToken USB key is stored in an external memory.
The 8KB flavor of the eToken uses an Atmel 25640 SPI Serial
EEPROM. Serial EEPROMs are extremely common in the engineering
industry and require minimal circuitry to read and write to. They
are also notoriously insecure and often do not provide any type
of security features. Due to the nature of Serial EEPROMs, it is
possible to attach a device programmer to the device, while it is
still attached to the circuit board, and read and write at will.
Our experiments were carried out using the Needham's Electronics
EMP-30 which cost $995, although a homebrew device programmer
could be built with a handful of components for under $10. Other
device programmers are available from a number of companies,
ranging in cost from $25 to $1000. A schematic of our findings
can be found at:
http://www.L0pht.com/advisories/etoken_schematic.pdf
There are two PIN numbers associated with each eToken USB key,
allowing either User or Administrator access. User access has
complete control of the eToken file system, while Administrator
is allowed to initialize the key, but not access private data.
Both PINs, private data, and secret data are encrypted in some
manner before being stored into the EEPROM. The public data is
stored in plaintext and can be easily read by viewing the buffer
of the Serial EEPROM.
The 8-byte strings which determine the User and Administrator
PINs are stored at location $10 and $18, respectively. By copying
the 8-byte string stored at $20 into either of those areas, we
return the PIN to its default state. The 8-byte string defining
the encrypted version of the default PIN is unique for each
eToken.
Initial memory dump, with User PIN set to 66666666 and
Administrator PIN set to 87654321:
              User PIN            Admin PIN
         /-----------------\ /-----------------\
00000010 7235 BAA8 5778 DE97 B7DD 9F01 121B 27A7 r5..Wx........'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
         \-----------------/
          Default PIN string
Memory dump, after modification, with the User PIN now set to the
default:
00000010 BE74 503B 3751 FA74 B7DD 9F01 121B 27A7 .tP;7Q.t......'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
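As an added example, not part of the advisory or of L0pht's Heimlich tool, the following Python script parses dumps in the format shown above and reports whether the User or Administrator PIN slot currently holds the token's own default-PIN string, using the offsets the advisory gives ($10, $18 and $20). The only assumption is the "offset, eight 16-bit words, ASCII" dump layout; the two dumps above are embedded as sample input.

```python
import re

# Offsets (from the advisory) of the 8-byte PIN strings in the eToken's
# external Serial EEPROM: User PIN at $10, Administrator PIN at $18 and
# the per-token encrypted default-PIN string at $20.
USER_PIN_OFF, ADMIN_PIN_OFF, DEFAULT_PIN_OFF, SLOT_LEN = 0x10, 0x18, 0x20, 8

# The two dump excerpts reproduced in the advisory (sample input).
INITIAL_DUMP = """\
00000010 7235 BAA8 5778 DE97 B7DD 9F01 121B 27A7 r5..Wx........'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
"""
MODIFIED_DUMP = """\
00000010 BE74 503B 3751 FA74 B7DD 9F01 121B 27A7 .tP;7Q.t......'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
"""

HEX_OFFSET = re.compile(r"[0-9A-Fa-f]{1,8}")
HEX_WORD = re.compile(r"[0-9A-Fa-f]{4}")

def parse_hexdump(text):
    """Map EEPROM offset -> byte for every 'offset, eight 16-bit words,
    ASCII' line of a dump; lines in any other shape are skipped."""
    mem = {}
    for line in text.splitlines():
        tokens = line.split()
        if (len(tokens) < 9 or not HEX_OFFSET.fullmatch(tokens[0])
                or not all(HEX_WORD.fullmatch(w) for w in tokens[1:9])):
            continue
        base = int(tokens[0], 16)
        for i, b in enumerate(bytes.fromhex("".join(tokens[1:9]))):
            mem[base + i] = b
    return mem

def read_slot(mem, off):
    """Return the 8 bytes at off, or raise if the dump does not cover them."""
    try:
        return bytes(mem[off + i] for i in range(SLOT_LEN))
    except KeyError:
        raise ValueError("dump does not cover offset 0x%02X" % off) from None

def pin_state(text):
    """Report which PIN slots hold this token's default-PIN string."""
    mem = parse_hexdump(text)
    default = read_slot(mem, DEFAULT_PIN_OFF)
    return {
        "user_is_default": read_slot(mem, USER_PIN_OFF) == default,
        "admin_is_default": read_slot(mem, ADMIN_PIN_OFF) == default,
    }

if __name__ == "__main__":
    for name, dump in (("initial", INITIAL_DUMP), ("modified", MODIFIED_DUMP)):
        print(name, pin_state(dump))
```

A default result on a token whose owner never reset it is a sign the PIN slot was overwritten; a non-default result proves nothing, since the advisory notes the original 8-byte string can be copied back afterwards.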
Once the modified buffer is programmed back into the Serial
EEPROM, the attacker can log in to the eToken using the default PIN
and make use of the legitimate user's credentials. L0pht's
proof-of-concept tool demonstrates quick extraction of all private,
public, and configuration data from the key.
The default PIN is 0xFFFFFFFFFFFFFFFF, which is 8 bytes of 0xFF,
a non-printable character. To enter the default PIN on a Windows
platform, hold the "Alt" key while typing "0255". Release the
"Alt" key between characters. Repeat this 8 times. This sequence
will enter a 0xFF character into the dialog box.
The physical housing of the eToken consists of a two-piece plastic
design. A combination of glue and two mechanical features hold
the unit together. The mechanical features aren't externally
visible, so if they are broken during disassembly, it won't be
evident. Access to the circuit board can be obtained by heating
the device with a heat gun or hair dryer, and carefully prying
the two pieces apart using an X-acto knife and small screwdriver
blade. When the attack is complete, crazy glue can be used to
close the device without visible evidence of tampering. Pictures
of the step-by-step operation can be found at:
http://www.L0pht.com/advisories/etoken_images.html
The proof-of-concept tool, known as "Heimlich", makes use of the
PC/SC support of the eToken to perform the following functions:
1) Search USB ports for eToken
2) Retrieve and display configuration data for the inserted key
3) Login as User using the default PIN of 0xFFFFFFFFFFFFFFFF
4) Retrieve all public and private data and export the directory
hierarchy to DOS
The tool expects that the eToken User PIN has been reset to the
default state, as described in this advisory. If the User PIN is
not set to default, login to the eToken will be denied. The secret
data areas are write-only and cannot be extracted using the PC/SC
interface. The secret areas are used for private keys and other
information that will never leave the key. Only the
microprocessor on the key is allowed to have access to the secret
information. However, the encrypted secret data is stored in the
external Serial EEPROM and can be located in the memory dump for
further analysis, if desired.
The demonstration tool, in the form of an application, has been
written for the Windows 98 platform. Source code and a compiled
executable can be found at:
http://www.L0pht.com/advisories/heimlich.zip
Due to copyright restrictions, Aladdin's libraries and header
files are not included. For further development and
experimentation, obtain the eToken SDK from Aladdin.
SOLUTION
The quick solution, although it does not remedy the core problem,
is to be very aware of the physical security and location of the
key at all times. The owner of the key should never leave the key
unattended or loan it to a colleague. If the key is unattended for
any amount of time, the data could possibly have been compromised
due to the PIN being bypassed with the methods described in this
advisory.
A number of features could be added to the manufacturing process
of the eToken to aid in tamper prevention. Because there is no
reason for the circuitry to be accessed after key manufacture,
encapsulating the ICs with epoxy or other material will prevent
the easy manipulation that is currently possible. Enhancing the
physical housing design to be tamper-evident and more difficult to
open will also prevent an attacker from easily accessing the
device internals without detection. These methods should be
considered by all hardware vendors, since they help to raise the
bar against common physical attacks.
Aladdin promptly acknowledged the security problems associated
with the eToken described in this advisory, and states that
version 3.3.3.x of the eToken is a demo and "proof-of-concept"
product (no reference to version 3.3.3.x being a beta or
demonstration product could be found in any documentation).