A security researcher has analyzed three hardware-based password vaults and discovered that credentials are stored in plaintext and survive hardware resets.
The investigation into these three standalone password managers has revealed that, through hardware hacking, it is possible to read data directly from the chips on the board, security researcher Phil Eveleigh explains.
Eveleigh tested RecZone Password Safe, passwordsFAST, and Royal Vault Password Keeper devices. A passcode is used to secure these devices, and users are also provided with the ability to add in the URL, username, and password for each site.
“However one thing I did find consistent across all devices is the keyboard is hard to use and doesn’t encourage strong, complicated passwords,” the researcher explains.
The analysis, Eveleigh says, starts with adding data to the device, then removing the device’s case to access the board and inspect it.
The RecZone device has a basic board and uses an 8-pin flash chip to store data. The researcher was able to power the device’s chip through a Raspberry Pi and discovered that, once connected, the Pi could read the data on it and that the data was stored in plain text.
Furthermore, he discovered that, even after resetting the device, the data was still present on the chip. The master 4 digit pin set after the reset was also present on the device, also in plaintext.
“What this means is if a user presses the reset button and sells the device, all of their passwords can still be read in plain text directly off the chip,” the researcher notes.
Eveleigh says he contacted the manufacturer to inform them on the vulnerability, but ..
Support the originator by clicking the read the rest link below.
