RSA's SecurID 800 encryption system is often regarded by large organizations as an incredibly secure way to protect networks and data. But a team of European computer scientists has since managed to crack the supposedly 'ironclad' encryption wide open.
According to Ars Technica, the team managed to develop an approach that requires just 13 minutes to crack the device's encryption. Here's how it works:
If devices such as the SecurID 800 are a Fort Knox, the cryptographic wrapper is like an armored car used to protect the digital asset while it's in transit. The attack works by repeatedly exploiting a tiny weakness in the wrapper until its contents are converted into plaintext. One version of the attack uses an improved variation of a technique introduced in 1998 that works against keys using the RSA cryptographic algorithm. By subtly modifying the ciphertext thousands of times and putting each one through the import process, an attacker can gradually reveal the underlying plaintext, D. Bleichenbacher, the original scientist behind the exploit, discovered. Because the technique relies on "padding" inside the cryptographic envelope to produce clues about its contents, cryptographers call it a "padding oracle attack." Such attacks rely on so-called side-channels to see if ciphertext corresponds to a correctly padded plaintext in a targeted system.
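To make the "padding oracle" idea concrete for defenders, the following added example (not code from the article, RSA, or the researchers) contrasts a key-import routine whose distinct errors reveal whether a decrypted block was correctly padded with a version that makes every failure look like a success, one standard countermeasure. The toy key, function names and sample blocks are all constructed for illustration.

```python
import hashlib, hmac, os
# Toy 216-bit RSA key from two Mersenne primes: constructed for this demo, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (27)
REJECT_SECRET = os.urandom(32)           # device-held secret used by the hardened path

class PaddingError(Exception): pass
class KeyLengthError(Exception): pass

def raw_encrypt(em: bytes) -> int:
    return pow(int.from_bytes(em, "big"), E, N)

def wrap(key: bytes) -> int:
    """PKCS#1 v1.5 encryption block: 00 02 <nonzero padding> 00 <key>."""
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(key)))
    return raw_encrypt(b"\x00\x02" + ps + b"\x00" + key)

def unwrap_leaky(c: int, key_len: int = 16) -> bytes:
    """Import routine whose distinct errors tell the caller how far the check got."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:
        raise PaddingError("block is not PKCS#1 v1.5 conformant")
    if len(em) - sep - 1 != key_len:
        raise KeyLengthError("unexpected key length")
    return em[sep + 1:]

def unwrap_hardened(c: int, key_len: int = 16) -> bytes:
    """Same check, but any failure yields a ciphertext-bound pseudorandom key, not an error.
    Python offers no constant-time guarantee; a real token must also hide timing."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x02" and sep >= 10 and len(em) - sep - 1 == key_len
    fake = hmac.new(REJECT_SECRET, (c % N).to_bytes(K, "big"), hashlib.sha256).digest()
    return em[-key_len:] if ok else fake[:key_len]

def outcome(unwrap, c: int) -> str:
    """What a caller can observe; more than one distinct value across inputs is an oracle."""
    try:
        unwrap(c)
        return "ok"
    except Exception as exc:
        return type(exc).__name__

KEY = bytes(range(16))                    # constructed sample key
SAMPLES = [wrap(KEY),
           raw_encrypt(b"\x00\x01" + b"\xff" * 8 + b"\x00" + KEY),       # wrong header
           raw_encrypt(b"\x00\x02" + b"\xff" * 16 + b"\x00" + KEY[:8])]  # wrong key length
```

Running `outcome` over `SAMPLES` gives three distinguishable results for `unwrap_leaky` and a single one for `unwrap_hardened`, which is the property an import interface needs to avoid acting as an oracle.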
And apparently, the same method also works on other devices including those electronic ID cards carried by all Estonian citizens and a number of other security tokens provided by other companies (Aladdin eTokenPro and iKey 2032 made by SafeNet, the CyberFlex manufactured by Gemalto, and Siemens' CardOS).
But don't worry about your company's secrets being exposed. In order to do this, hackers need to have physical access to the device, and RSA has already been made aware of the compromise and is in the process of getting it fixed.