Intercepting Passwords from Virtual Keyboards
Loading...
Uploader Comments (wkstube101)
All Comments (8)
-
Author seems to understand not the basics of security. Lear it -- 10 Immutable Laws of Security (search in Google). The very first is: "Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore". Get it -- not your data, nor the programs you run, from flash or whatever other device -- simply not yours anymore.
So, the security incident actually happened when author ran his program. It is naive to say AV doesn't detect it -- it's not their goal.
-
can the IronKey's virtual keyboard with ramdom scrambling of the keyboard be vulnerable to any sort of keyloggers?
-
The Knox-IT products have a keypad on the actual drive and the OS never sees the actual pin being punched in. That's the point of having a keypad on the flash drive itself. Only the hardware of the flash drive sees the pin. not the USB port.
-
On the contrary. This is a very simple (for any competent Windows developer) to implement and shows a real vulnerability in these products. To be sure, these drives are better security-wise than your unsecured drives, but people need to be aware that vulnerabilities still exist with these products, especially with software based ones.
3:20
Iron key last password attemptby wesleyshepherd6,037 views- 2:41
Episode 66: Corsair Survivor GT 32GB USB Keyby amcink2,969 views
- 2:02
IronKey Responds to Hack of Encrypted USB Drivesby IronKeyInc24,470 views
- 6:35
Will it Blend - Corsair Survivor (original full length take)by premiumusb5,029 views
- 3:45
LOK-IT Best of FOSE Award Interviewby LOKITSecureUSBDrive1,630 views
- 0:44
Ironkey openingby GsMen2,544 views
- 3:55
IronKey Durability Testby brettandsambyers2,696 views
- 0:34
Ironkey openingby GsMen9,148 views
- 0:58
SafeStick Password Easily Compromisedby wkstube101886 views
- 0:41
Self Destruct sequenceby jisaid0816,349 views
- 1:09
LOK-IT Hardware Authenticationby LOKITSecureUSBDrive14,074 views
- 1:43
The All-New Crypteks USB™by crypteksUSB15,874 views
- 3:11
USB Encryptionby LOKITSecureUSBDrive1,412 views
- 3:52
CoreTrace Secures Lockheed Martin's "PC on a Stick", IronClad.by CoreTraceCorporation796 views
- 0:55
Kingston DataTraveler 5000 USB Flash Driveby buytv595 views
- 9:53
Augustus Once and for Allby bstorage760 views
- 1:00
60 Second Review - Lexar 8GB JumpDriveby BTrueK3,053 views
- 1:16
A Day In The Lab: Smashing an IronKeyby maddmatt212953 views
- 8:03
How to Partition a USB Flash Drive for Windows.by tkee1008,170 views
This video is very troubling to me because it seems to be attempting to dupe it's viewers. A demo of a common keylogger does NOT demonstrate a vulnerability of any of these products.
MultiTripman 1 year ago
@MultiTripman What specific point do you find deceptive? I find that few people are aware that specialized keyloggers avoid detection by antivirus software, or that virtual keyboards can be similarly spied-upon. There is considerable history of password interception by viruses using such means of theft. In what way are these devices not vulnerable to such attacks?
wkstube101 1 year ago
If you mean that their vulnerability to such attacks is no greater than any other service that relies on software for authentication, that might be essentially valid. However, makers of these devices seem to imply that if their deny/allow logic is on the device they are not at all vulnerable to software-based attacks - and this is clearly not the case.
wkstube101 1 year ago