[ad_1]
In terms of security, nothing is "indecipherable". When it is claimed, security researchers see only one challenge.
Enter the latest findings from Pen Test Partners, a UK-based cybersecurity firm. Their latest project was tearing the "invincible" eyeDisk, an allegedly secure USB drive that uses iris recognition to unlock and decrypt the device.
eyeDisk collected more than $ 21,000 during its Kickstarter campaign last year and began shipping devices in March.
There is only one problem: it's anything but "unshakable".
David Lodge, Pen Test Partners researcher, discovered that the device backup password (to access data in the event of device failure or crash) could be easily obtained with software capable of to detect USB device traffic.
The secret password – "SecretPass" – can be seen in clear text. (Image: Pen Test Partners)
"This string in red is the password I set on the device. Clear. In a bus easy to sniff, "he said in a blog post detailing his findings. The password is
Worse, he said, the real password of the device can be recovered even if the wrong password has been entered. Lodge explained that the device first revealed its password, then validated it against the password that the user had provided before sending the unlock password.
Lodge said that anyone using one of these devices should use additional encryption on the device.
The researcher revealed the flaw to eyeDisk, who had promised a solution, but has not yet released it. eyeDisk did not return a comment request.
[ad_2]
Source link