CERN Computing Seminar

Security Analysis of the Un-hackable Victorinox Secure Device

by Dr Martin Vuagnoux

Europe/Zurich
IT Auditorium (CERN)

Description

In 2010, Victorinox introduced a new USB storage device whose data access is secured by biometric fingerprint authentication. According to the press release, the device contains several uncommon protections, such as a custom fingerprint reader with blood oxygen and temperature sensors, a custom-designed "MKI Schnuffi-X" chip, and a self-destruct mechanism that triggers if the chip is physically attacked. In 2010 and 2011, Victorinox organized several challenge contests (Las Vegas, London, Geneva) called "break the code". The prize was up to 250k$ for anyone able to hack the "un-hackable" Victorinox Secure Device. To date, nobody has won the contest. In this talk, we analyze the security of the "un-hackable" Victorinox Secure Device. We demonstrate that this product does not contain all the security mechanisms described in the press release. We also show that the biometric authentication can be easily bypassed with tools such as notepad.exe. Finally, we explain why it is very hard to win the contest even if the device is unsafe.

About the speaker

Martin Vuagnoux finished his PhD last year at Ecole Polytechnique Fédérale de Lausanne (EPFL) in the Security and Cryptography Laboratory (LASEC) led by Prof. Serge Vaudenay. Previously, he worked for 6 years as an ethical hacker and founded two companies in Switzerland.

His research domains are the cryptanalysis of symmetric cryptosystems and protocols (SSL/TLS, WEP, WPA, RFID, etc.), the automated discovery of vulnerabilities in software and operating systems, the reverse engineering of unknown protocols in embedded systems and the analysis and the exploitation of side-channel attacks such as compromising electromagnetic emanations of electronic devices.


Organised by: Sebastian Lopienski and Miguel Angel Marquina
Computing Seminars / IT Department