RSA SecurID Two-factor Authentication Comprimised


SecurID is a two-factor hardware-based authentication system. It requires you to enter the number displayed on a hardware fob like the one seen above, along with the rest of your login information. It’s regarded to be a very secure method of protecting information when users are logging into a company’s secure system remotely. But as with everything else, there’s always a way to break the security. It sounds like last month someone hacked into the servers of the company that makes SecurID.

You’ll need to read between the lines of that letter from RSA (the security division of EMC) Executive Chairman [Art Coviello]. He admits that someone was poking around in their system and that they got their hands on information that relates to the SecurID system. He goes on to say that the information that the attackers grabbed doesn’t facilitate direct attacks on RSA’s customers.

We’d guess that the attackers may have what they need to brute-force a SecurID system, although perhaps they have now way to match which system belongs to which customer. What’s you’re take on the matter? Lets us know by leaving a comment.

[via Engadget]

34 thoughts on “RSA SecurID Two-factor Authentication Comprimised

  1. According to the Security Now podcast, the only secret in the system is the mapping between serial numbers and the secret key inside the device that determines the sequence of numbers on the screen.

    The attack was an e-mail containing an Excel spreadsheet with an embedded Flash document.

  2. Let’s assume that the seed values were compromised. On their own, and with only information available at RSA, they cannot be tied to an individual user. However, that’s not the only resource a good hacking organization has.

    Trojan horses record all keystrokes on specific machines, and are designed to capture usernames, passwords, and other credentials. This, I think I can safely say, would include previous one time passwords and a near precise time they were entered. I would think a hacking organization savvy enough to pull off a directed attack like RSA would also have the resources for the more statistical mass market type attacks as well, and would already have this dataset available.

    Using cloud technology, the RSA algorithms, and the seed value, an attacker could generate previous OTPs for each token. This could even be done intelligently, by only generating them for the specific times shown in the Trojan data. That attacker could then match the captured trojan OTPs and the calculated RSA OTPs, and suddenly you have a set of personal information associated with specific tokens.

    Ouch, now the mapping between the RSA seed data and a unique user exists. Nifty huh?

  3. This is not a issue – move along, move along.

    Probably, the customer name, token IDs, and seed numbers were taken. RSA don’t have much else worth stealing – the algorythm is well known, and open-source code generators are available, just plug in the seed value and the current date/time and you get the right code.

    However to use this information you need to know:
    The seed value for a token. (stolen)
    The username associated with a token (not known by RSA, so not stolen).
    The IP address/service that can use that username/token. (not known to RSA, not stolen)
    The secret PIN. (not known to RSA, not stolen)

    If you get the PIN wrong a few times (5?) the token is disabled. If you get the code wrong a few times (15?) the username is disabled.

    So brute-forcing the PIN isn’t an option even if you knew who had what token….

    …like I said, move along, move along.

    The real issue here is exactly how complex and persistent the attack was to steal this information – would your company be safe against exactly the same attack?

    Answer in 99.99% of cases: no :-(

    Dom

  4. I agree with Dom, nothing usable was (or even could have been) taken here. The attackers have a bunch of seeds that they can’t associate with usernames or sites, so they have nothing, unless… their intrusion could remain undetected on the servers for fairly long time, during which they could monitor access to each seed and from what domains those accesses originated. In that scenario, usernames could be readable directly from the IP traffic on the server. This would require a significant effort, but is technically feasible.

  5. Paypal Has the securid one and it’s NOT hacked contrary to claims by those that dont know anything at all. or just talk out of their butt to try and look cool.

    When securid get’s actually cracked, then the paypal one will be cracks. It’s the same thing.

    Problem is it requires the mapping of the serial to the key number, it will never be a “l33tsecuridcrack.c” file that magically cracks things for script kiddies yo… It will still take a lot of work to crack it and if they put in place a 3 attempts and you are locked, it significantly neuters any attacks. Plus you need the serial number of the dongle of the target.. some people are stupid enough to enter it, so many fake sites will crack it.

    Right now MITM attacks work on the securid. Nothing else does.

  6. RSA has not admitted to a failure in their two-factor authentication system. Unfortunately, RSA has not confirmed that the system has NOT been compromised, either.

    RSA’s handling of this makes me wish my employer would switch to a new system that’s more open. I don’t want to go months, weeks, or even days without knowing that the servers we protect with RSA’s two-factor system are secure. RSA needs to be more forthcoming or admit that they just don’t know. Right now, it just sounds like they’re trying to hide the extent of the damage, which does not do much for my confidence in the security of their system.

  7. I have only read a bit about the actually effort of cracking this system. But I doubt that this would be of much use on its own. But if you could obtain other information such as the username, pin, and IP.

    Then you could access their system until they change their pin. Which I’m assuming most people using this system won’t change their pin because they assume their fob changes constantly so they don’t need to worry about changing their pin.

    The first place I would look for any sort of compromise from this crack would be an internal threat.

  8. Doesn’t the Blizzard World of Warcraft Authenticators use this same technology?

    i wonder, was this attempt made as a proof of concept, an attempt to access bank accounts or an attempt for blizzard accounts.

  9. What’s YOUR take on the matter, not “you’re”. When in doubt, remove the contraction and see if the sentence still makes sense. “What’s you are take on the matter?” does not a complete sentence make.

  10. I have to agree with dom, but he forgot to mention one thing: This could have been a targetted attack, which means the attacker knew what he/she was after and they got what they wanted. Perhaps they had the PIN, username and IP all they needed was the token seed file so they could generate legitimate keys.

    Who says this was not planned by some – – government or large organization. The point is RSA activID is compromised. Anyway the picture you are showing is of an old end of life token. Nowadays they have a keypad on which you enter a pin. This generates the secret for you.

  11. I use one of these everyday to login for work.. The LCD display shows a number that you tack onto your password that changes every few seconds.. If the time on your PC is off or you take a second too long to type your password it’s invalid and you have to try again.. RSA would have no idea what my ID or password would be let alone what the number on my fob is..especially at any given time since those servers are within my company.

  12. @yes10wn
    Good point (never thought of that, or heard anyone else suggest – +1 to you!).

    But you still don’t know exactly which token is assigned to each user, and (IIRC) 15 failed token codes and the account gets locked….

    ….but you’re right, if a company with a small staff turnover gets a new CEO, just after a shipment of new tokens, it’s pretty likely that john.doe@company.com is going to get one of those tokens.

    You’re right about the really old token picture (though I think some 5-year ones like this may still be running), but not all of the new ones have keypads, they still sell code-only tokens, and there are ‘software’ tokens too.

    @Eric – they may have ‘sites/companies’ with each bundle of tokens, as this is known to RSA :-(

    @au518987077 – RSA SecurID is used to authenticate access to systems which move hundreds of millions of dollars a day, even for the smaller financial organisations. I don’t think the aim was to up their WoW credits, but you never know….nothing is as strange as folk.

  13. Wrong tokens in the picture. They are the old disused SID ones.
    Find a picture of the newer ones.
    See: http://en.wikipedia.org/wiki/File:SecureID_token_new.JPG

    The one pictured above has been discontinued for years as it was ‘broken’. You can find a tool to generate the token numbers in the handy-hackers-program cain and able.
    For the record, Cain&Able doesn’t work with the newer tokens.

    Chances are that the people that hacked RSA probably aren’t going to go after any small targets, they’d likely go for targets such as Government, infastructure, major banks, major R&D companies, military… Assuming the attack (like most good attacks) were funded by government bodies…

    My thoughts
    PS. I work for a company that deploys/sells RSA tokens.

  14. @joe

    Ask your RSA admin to ‘resync’ your token, and that should allow a code in front/behind to still be accepted. The RSA server should automagically sync when you use a too old/new a code, but I’ve seen this problem, so it doesn’t always work – especially if the server clock drifts a bit, e.g. isn’t using NTP to sync with reality. (token clocks drift too, but nowt you can do about that except resync).

    Dom

  15. If I am in-house attacker, all I need is method that gives me same salt numbers as what is generated on your token. Then its all over besides packet capture and a simple offline attack to match the password you used for that login session.

  16. “[Assuming the attacker doesn’t know who each secret key is assigned to, then the key doesn’t have much value]…” I’m not really convinced.

    While the attacker would be unable to simply select a key and a username and login as someone else, let’s assume the attacker is intelligent. What if the attacker managed to establish a man-in-the-middle attack between some user and the system being attacked (certainly not an unthinkable scenario). The attacker manages to retrieve a username, password, and one time key; exactly the sort of scenario that this system is designed to protect against. Because the attacker is in the middle he can probably cause the server to reject the first login attempt, by injecting invalid data, forcing the user to enter in another temporary key: now the attacker has two sequential keys, a username, and a password.

    Normally here is where we would be stuck, the attacker may be able to log in to the system once but that’s it; due to the nature of cryptography going backward is essentially impossible. The only option would be to brute force the secret key in order to find one that would produce these two sequential temporary keys and this would take an unimaginable amount of time. But now the attacker has another piece of the puzzle, a list of potential secret keys (possibly, we don’t know the entire picture). With this the attacker can now reduce the number of attempted secret keys by a hugely significant number, sort of like performing a dictionary attack, and while matching the secret key to the temporary keys may still be computationally difficult it would become much more feasible.

    The problem is that the more information you give an attacker the easier you make their job, and it’s not always obvious how some piece of information could compromise a system. If it was this easy then security wouldn’t be an issue.

  17. How is this news now? Maybe a month ago…. But 4 weeks late? Btw way, Dom is correct, worst case the seed -> token code mapping got taken. Still need user ID, pin and where to use it.

    Then agin, all of this is predicated that you don’t have Zeus/spy eye Trojan which will steal OTPs in realtime anyway

  18. Folks,

    These kinds of things – protecting against malware, MitM, encryption and replay attacks are all pre-requists to ‘getting it right’, if you’re not protecting against them, data stolen from RSA is the least of your problems!

  19. I don’t know much (anything) about how it works… what I do know is that I’ve never seen our IT guy be as proactive about anything… they grabbed all our old keys and replaced with new ones that must also plug into the USB port of the PC.

    Speaking of which, I’ve forgotten the new password they had me set up…

  20. What if they got the list of the largest mean numbers that are used to protect the smartcards used in the satellite systems. Makes you wonder how much more they got that wasn’t let out.

  21. You know, there’s an official term for wifi hacking with Bluetooth. It’s called bluesnarfing, and the Guinness World Record for its range is one mile. A billion interwebz to whoever beats that!

  22. i was wondering does these devices beam the password back to the server to activate it?

    if not then that may be the flaw because you can then make a password and brute force the mate to the password

    6 digits will only take 1000000 combinations.

    most systems should lock up the account after a hand full of attempts.

    atm’s it is 3 times and they keep the card and you have to go to the bank to get it back.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.