Continued from “Controlling Your Interfaces (Part 1)”
Inside the iKey® 1000 there was a microprocessor and a serial EEPROM. The EEPROM is where the secrets were stored. Kingpin was able to find out where an encoded (obfuscated) hash of the master password was stored in the EEPROM. He could do this because Rainbow had provided a direct interface to the EEPROM. Rainbow had done this intentionally, making an internally available interface for adding more memory to the iKey® 1000. Rainbow purposely did not apply a conformal coat to this interface, so that the iKey® 1000 could be easily upgraded.
Kingpin was able to access the memory through this interface and figure out the encoding function (and its inverse function). This meant that anyone who understood the technique could get to the iKey® 1000’s secrets without the user or master passwords.
Rainbow could have done many things to make @Stake’s attack more difficult. For example, Rainbow could have done a better job of controlling the interface to the EEPROM. One way to do this would have been to encase everything but the USB interface of the PCB in epoxy.
Companies frequently include “back doors,” expansion ports and/or test interfaces in systems for their own purposes. These interfaces provide potential new avenues for attack. If you find that you need to include interfaces like these in your company’s products or systems, consider including some controls that will make them difficult for attackers to use. Insufficient interface control is a common security problem in information systems. While, overall, it may be true that the percentage of people with the skills and intent to exploit your interfaces is low, there are still lots of people and organizations with the skills, and many of these would be happy to give it a try. Why make it easy for them?