Stealing passwords from secure flash drives
Loading...
Uploader Comments (wkstube101)
All Comments (14)
-
What about physical wear? The buttons used in your password will wear over time. So, a careful analysis will reveal which buttons are used most. In the case of a 4 digit pin with no repetition and ten allowed attempts, this would provide a 10/4! chance of guessing the password. Or, about 42%. That doesn't seem secure to me.
-
@Ralothael @Ralothael In your two posts you summed up eloquently what I was about to say. Maybe security could be improved by 2-factor authentication? The first factor (PIN) would unlock the drive, making it visible to the OS. The second factor also requiring direct entry onto the USB drive (eg hardware fingerprint reader) for each file read/written.
-
Or you could also watch keyboard when someone is typing password! That is vulnerability too!!!
-
@stvjones653 He's promoting the competition's product (imho) which has a 12 button PIN pad on a 2"x.5" USB Key. That must be fun for bi-focals. A key logger can't access that information so therefor it must be a better option. For the price it maybe. :) Thanks for the post!
-
so your saying you can get into the Ironkey without the password?
-
This is no different then Spoofing the login, if you have admin access and can install virus.loggers on the host machine, then you can also just Spoof the login, its got next to nothing to do with the USB. Lets see you hack it without already knowing the PW lol, if you did this remotely you would then need to burglarize the USB itself, so its a very weak attack relying on 1. admin rights to host 2. possesion of the USB itself. 3) the real password typed in
-
Also, just because they have the password to your device doesn't mean much. They would also have to have the device itself. Think about it, If your password to your device and the device itself could be compromised by the SAME PERSON, then there are much bigger security issues present than a secure drive is going to fix. Yeah, someone has my password, big deal,. Unless that same person is in my house with me, they will not be getting the device, making their knowledge useless.
-
A key-logger is also not the only threat. There are programs that could steal the data from the USB when it is unlocked and open, which is something that no flash drive, not even the LOK-IT drive is going to prevent. No matter what secure drive you have, if there is malware on the computer, its data is going to be vulnerable. This video is just beating on others that use authentication in software, rather than hardware, hoping it will sway the people who don't know better.
-
The fact that a "reputable" antivirus software is running and detects nothing at all is what scares me the most. I am quite certain I've had to deal with 3 or 4 virus situations over the past few years; not a single time has any antivirus software been of any help, so this does not surprise me.
3:12
Intercepting Passwords from Virtual Keyboardsby wkstube1014,059 views- 2:02
IronKey Responds to Hack of Encrypted USB Drivesby IronKeyInc24,364 views
- 6:14
How to Hack A Flash Driveby kjfld9,794 views
- 1:09
LOK-IT Hardware Authenticationby LOKITSecureUSBDrive14,074 views
- 0:58
SafeStick Password Easily Compromisedby wkstube101866 views
- 3:11
USB Encryptionby LOKITSecureUSBDrive1,356 views
- 2:16
Ironkey S200by bazzilio61,781 views
- 0:55
Kingston DataTraveler 5000 USB Flash Driveby buytv584 views
- 6:25
How To Create A Password On Your USB Flash Driveby Sh00t3r35746,895 views
- 9:48
How to password protect a flash driveby merkinator951,771 views
- 1:00
60 Second Review - Lexar 8GB JumpDriveby BTrueK3,040 views
- 4:03
USB flash drive securityby jinlin053,475 views
- 3:52
CoreTrace Secures Lockheed Martin's "PC on a Stick", IronClad.by CoreTraceCorporation796 views
- 5:38
IronKey Special Ops - Testing In Powderby jizzleton3,941 views
- 1:09
Secure USB Flash Drive SafeStickby BlockMasterSecurity11,887 views
- 2:28
Ironkey Waterproof Testby securityactive2,295 views
- 0:59
The DataTraveler 200by KingstonTechEMEA10,586 views
- 5:59
How to steal all passowrdz from a computer in 1 second by USBby Ragh0st543 views
- 5:14
how to hack a flash driveby kjfld8,083 views
- 5:16
IronKey Special Ops: Wash Testby IronKeyInc15,669 views
If someone has repeated physical access to your computer, and knows your computer's password, and can install malicious software, then you have way bigger problems than a secure flash drive can fix!
Like, someone could install malicious software that ftps all your files from your secure device once you unlock it, whether it was biometric unlock or something else.
davewilcox879 1 year ago 2
@davewilcox879 Are you saying that no employee with access to confidential business information has ever ended up with malicious software on his computer, either because he was duped into installing it or because other with access to his computer (e.g. his kids at home) installed it? History seems to indicate otherwise.
wkstube101 1 year ago
How is this new???? It's a home-grown keystroke logger that he installed on his own computer. It's got nothing to do with stealing passwords from secure flash drives... it will steal passwords from anything (online banking, email, VPN). There is a good Wikipedia article on keyloggers h
stvjones653 1 year ago 2
@stvjones653 That keyloggers aren't new does not mean the vulnerability isn't real. I'm pointing out here that my keyloggers escape detection by antivirus software, and that non-keylogger spying techniques successfully intercept passwords in virtual-keyboard situations. I've seen no wikipedia discussion of these matters, so that's how this is new. More videos to follow.
wkstube101 1 year ago