Category Archives: Technical News

Technical News: Your Source for the Latest Tech News and Trends

Stay ahead of the curve with Freemindtronic’s Technical News. We keep you up-to-date on the latest developments in the tech world, so you can make informed decisions about your business and personal life.

Our team of experienced journalists and analysts scours the web for the latest tech news, so you don’t have to. We provide in-depth coverage of a wide range of topics, including:

  • Electronics
  • Embedded Systems
  • Artificial intelligence
  • Cloud computing
  • Cybersecurity
  • Data science
  • Emerging technologies
  • FinTech
  • Gadgets and gear
  • Green technology
  • Healthcare technology
  • Internet of Things (IoT)
  • Mobile technology
  • Robotics
  • Software development
  • Telecom
  • Wearables
  • And more!

Why Read Technical News from Freemindtronic?

There are many reasons why designers, developers, and manufacturers of technological solutions should subscribe to Freemindtronic’s Technical News. Here are just a few:

  • Unique Industry Perspective: Our articles are written from the combined viewpoints of a designer, developer, and manufacturer, providing practical insights into the latest advancements in electronics, embedded systems, cybersecurity, and specialized security solutions (including counter-espionage).

  • Actionable Insights: We go beyond just reporting the news. We analyze how these developments can be applied to solve real-world problems in your field.

  • Stay Ahead of the Curve: Get in-depth coverage of a wide range of tech trends, allowing you to identify new opportunities and threats within the ever-evolving tech landscape.

  • Informed Tech Decisions: Make strategic choices about your technology purchases with unbiased reviews and analyses of the latest tech products and services.

  • Expert Industry Knowledge: Gain valuable insights from leading industry experts through exclusive interviews featured in our Technical News articles.

By subscribing to Freemindtronic’s Technical News, you’ll gain a vital edge in the competitive tech industry.

How to Get Technical News

There are several ways to get Technical informations. You can:

  • Subscribe to our email newsletter.
  • Follow us on social media.
  • Visit our website regularly.

Conclusion

Technical News is your essential resource for the latest tech news and trends. Subscribe to our email newsletter today to stay ahead of the curve.

In addition to the benefits listed above, subscribing to our newsletter gives you access to exclusive content, such as:

We also offer a variety of other resources, including:

No matter how you choose to stay up-to-date on the latest tech news, Freemindtronic has you covered.

Subscribe to our email newsletter today and start getting the information you need to succeed in the tech industry.

 

image_pdfimage_print
2024, Articles, Cardokey, EviSwap NFC NDEF Technology, GreenTech, Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

Posted on by FMTAD
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.
25
Mar

NFC vCard Cardokey: Free Digital Networking Revolution

This article examines Cardokey’s capabilities to create and manage NFC vCard digital business cards without servers, without databases, without the need for account creation, highlighting its commitment to security, privacy and sustainability . Learn how Cardokey leverages NFC technology to facilitate environmentally friendly and secure business information exchanges. Click here to access Cardokey download links

Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking
March 25, 2024
5Ghoul: 5G NR Attacks on Mobile Devices

2023 Articles Communications Cybersecurity Digital Security News Technical News

5Ghoul: 5G NR Attacks on Mobile Devices
December 29, 2023
Quantum computing RSA encryption

2023 Articles EviCore HSM OpenPGP Technology EviCore NFC HSM Technology NFC HSM technology Technical News Technologies

Quantum computing RSA encryption: a threat and a solution
November 12, 2023
Brute Force Attacks Cyber Attack Guide

Articles News Technical News

Brute Force Attacks: What They Are and How to Protect Yourself
November 1, 2023
Fingerprint Systems Really Secure - How to Protect Your Data and Identity

Articles Compagny spying DataShielder Digital Security Industrial spying Military spying NFC HSM technology Spying Technical News Zero trust

Are fingerprint systems really secure? How to protect your data and identity against BrutePrint
October 23, 2023
NFC HSM Devices and RSA 4096 encryption a new standard for cryptographic security serverless databaseless without database by EviCore NFC HSM from Freemindtronic Andorra

Articles Cyberculture NFC HSM technology Technical News

RSA Encryption: How the Marvin Attack Exposes a 25-Year-Old Flaw
October 3, 2023
NFC HSM USB drive SSH Contactless keys manager EviKey NFC & EviCore NFC HSM Compatible Technologies patented from Freemindtronic Andorra Made in France - JPG

2023 Articles EviKey & EviDisk EviKey NFC HSM News NFC HSM technology Technical News

How to secure your SSH key with NFC HSM USB Drive EviKey
September 16, 2023
EviVault NFC HSM and EviCore NFC HSM Embedded ISO 15693 VS Flipper Zero

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester
July 4, 2023

Stay informed with our posts dedicated to Technical News Cyberculture to track its evolution through our regularly updated topics.

Dive into our Tech News section for an in-depth look at the Cardokey NFC vCard, designed by Jacques Gascuel, a pioneer in the field of secure, contactless solutions without the need for servers or databases. Stay up to date and secure with our frequent updates.

NFC vCard: Revolutionize Your Professional Networking

As the creator of Cardokey, I am thrilled to introduce an application revolutionizing the exchange of professional information. Utilizing NFC technology, Cardokey offers a groundbreaking, free, and secure way to create, share, and manage NFC vCard digital business cards without the constraints of traditional methods. Expanding its functionalities to iPhone users, Cardokey now allows for the reading and importing of NFC vCards—a previously costly iOS feature. Moreover, we are on the cusp of enabling Cardokey Pro to convert HSM PGP badges into versatile NFC HSM badges.

The Innovative Concept Behind NFC vCard Cardokey

Cardokey was conceived 3 years ago with the ambition to simplify the sharing of digital identities through secure, data protection law-compliant methods. The application enables anonymous, contactless NFC vCard exchanges, functioning without servers, databases, or account creation, and is designed to operate even in restrictive environments like Faraday cages or in airplane mode. This not only ensures maximum security and privacy but also underscores our commitment to environmental sustainability by repurposing NFC-enabled devices.

Development and Security Features of NFC vCard Cardokey

Crafted by Freemindtronic SL and introduced by Fullsecure Andorra, Cardokey will integrate EviBadge HSM PGP technology, utilizing NFC NDEF storage through EviSwap NFC NDEF technology. This integration ensures the secure storage of encrypted authentication data created by Cardokey Pro Badge. This collaboration enhances Cardokey’s capacity for efficient and secure NFC vCard management, ensuring user privacy and offering flexibility in diverse environments, such as offline or airplane mode.

Ecological Impact and Compliance

Cardokey champions eco-friendly practices in professional networking. We align with the UN’s Sustainable Development Goal #12, adhering to ISO 14001, Basel, and WEEE standards. This commitment not only reduces our carbon footprint but also promotes sustainable consumption and production. Cardokey stands as a beacon for environmental stewardship within the digital networking sphere.

Innovative Reuse of NFC Devices

At Cardokey, we see value in repurposing various NFC devices. From ski lift tickets to more mundane objects, we transform them into vessels of professional connectivity. This practice not only breathes new life into potential waste but also aligns with our vision for a sustainable, connected world. With Cardokey, every NFC device has the potential for a meaningful second act.

Comprehensive Overview of Cardokey NFC vCard Capabilities

Cardokey’s functionalities are pivotal in reshaping professional networking. Our detailed table outlines the vast array of features available to both Android and iPhone users. Cardokey simplifies the creation and management of digital business cards and NFC data, ensuring a seamless, secure, and eco-conscious networking experience.

Intelligent Dynamic NFC Memory Management

A standout feature of Cardokey is its intelligent dynamic NFC memory management. This advanced functionality automatically notifies users of the real available memory space of the NFC device in use. By providing an accurate understanding of the storage capabilities within the NDEF-formatted EEPROM, Cardokey enhances user experience, allowing for informed data storage decisions. This insight into the actual storage potential elevates Cardokey’s usability, ensuring optimal use of NFC device memory.

Cardokey Datasheet: Global Deployment and Multilingual Support

Cardokey revolutionizes digital networking. It integrates Freemindtronic’s NFC NDEF EviSwap technology and complies with IEC/ISO 14443 and ISO/IEC 15693 standards. This datasheet highlights its universal security and usability.

CategoryFeatureAndroid NFCiPhone NFCComing Soon
CreationCraft a vCard considering space
Manually create an NFC NDEF vCard
Generate a vCard from a contact
Edit NFC URLs for social networks
Customize NFC URLs
Badge ModeCreate an NFC badge from an encrypted QR Code created by Cardokey Pro
Management/AdministrationImport NFC vCard to Phone contacts
Manage NFC card data (CRUD)
Handle NFC card contacts (CRUD)
Display contact on phone and card
Convert NFC to NDEF format
Automate NFC card memory management
Translate into 14 languages
HELP (function explanations)

EviSwap technology enables smart, dynamic NFC memory management. It optimizes NFC device use and provides an intuitive user experience. Cardokey facilitates international NFC device recycling and the use of physical NFC products destined for disposal. It promotes environmental care and enables meaningful global exchanges.This merged section showcases Cardokey’s features, international standards compatibility, and commitment to a borderless user experience. It also emphasizes EviSwap technology’s role in enabling secure, sustainable digital transformation in professional networking.

Use Cases for Cardokey

Cardokey’s versatility supports numerous professional networking scenarios:

Eco-Friendly Digital Business Card Exchange:

  • Swap paper cards for NFC vCards to cut carbon footprint and embrace sustainable development.
  • Share professional details effortlessly at various networking events.
  • Update your contact info anytime without reprinting business cards.

Simplified Management of Digital Identities:

  • Securely store and easily access NFC vCards on your mobile device.
  • Manage multiple vCards for diverse professional roles.
  • Import NFC vCards from different apps or platforms.

Creative Reuse of NFC Devices:

  • Repurpose NFC items like ski passes into personal or professional vCards.
  • Revive unused NFC devices, reducing electronic waste.
  • Implement sustainable networking practices through innovative device reuse.

Enhanced Security and Privacy:

  • Discreetly exchange secure information and contacts via non-connected NFC supports.
  • Operate offline for increased privacy, without reliance on servers or databases.
  • Avoid sharing contact details through third-party apps.

Additional Features:

  • NFC vCards in 14 languages enable global networking.
  • Intelligent NFC memory management for optimal storage space usage.
  • Built-in help feature for easy acclimatization.

Added Value of Cardokey

Lifetime Free Updates for NFC vCards:

  • Ensures your information is always current.
  • Highlights Cardokey’s user-focused design.
  • Demonstrates Cardokey’s dedication to user service and sustainability.

Usage of Recycled Materials:

  • Lowers carbon footprint.
  • Offers a responsible alternative for professionals.
  • Positions Cardokey as an innovative and committed solution.

Example with an NFC Ski Ticket:

  • Simplifies sharing memories or professional links.
  • Gives new purpose to otherwise discarded items.
  • Showcases Cardokey’s adaptability to various needs.

Bridging the Gap in Digital Networking

The capabilities of Cardokey extend far beyond simple contact exchange. Our dedication to innovation, security, and ease of use is evident across all features. Upcoming functionalities will further enhance secure, efficient, and green professional networking. With Cardokey, you’re not merely sharing a digital card; you’re making a profound statement about your professional identity in the digital age.

Let’s Summarize

Cardokey is not just an NFC vCard creation application; it is an innovation in many ways that I passionately want to bring to the world. First of all, this tool is free. It works immediately offline, without needing a server, database, or even creating an account to use it. First of all, it should be noted that Cardokey uses NFC technology. Its objective is to actively participate in the digital transformation of the use of business cards in a digital way. At the same time, my innovation demonstrates a strong commitment to safety, security, privacy and environmental sustainability, principles that are dear to me.

Additionally, Cardokey redefines and expands how professionals connect, share and manage their digital identities. Indeed, it promotes the reuse of many NFC devices, ensuring compliance with strict data protection standards. My innovation doesn’t stop there. Since it presents itself as a pioneering solution, respectful of the environment while taking its legitimate place in the field of digital networks for dual civil and military use through its scalable capacity for free services. It’s a seamless simultaneity of technology and sustainability, a vision I’m proud to see brought to life and made available to you for free.

In conclusion Cardokey: More Than an App, a Sustainable Networking Revolution

Cardokey is evolving into much more than just an app; it represents a significant leap forward for professional networking. By integrating NFC vCard technology, Cardokey facilitates not only an eco-friendly and secure exchange of professional information but also sets a new standard in the way we connect in our digital world. The future holds even greater possibilities with the introduction of advanced cyber defense features, positioning Cardokey as an indispensable tool in the landscape of modern professional networking.

Through innovation, security, and a steadfast commitment to ecological responsibility, Cardokey is reimagining what it means to network professionally. It’s not just about sharing a digital card; it’s about forging connections that are secure, private, and impactful, all while caring for our planet. As we continue to develop Cardokey, we are guided by a vision of a world where professional interactions are seamless, sustainable, and above all, secure.

Join us as we move forward into this new era of professional networking. With Cardokey, you’re not just adopting a new tool; you’re embracing a future where technology enhances our professional lives without compromising our values or the environment. Welcome to the future of networking with Cardokey – where innovation meets sustainability.

We Value Your Feedback

If Cardokey has enhanced your networking experience, consider sharing it with others. Your feedback is crucial to us. Please feel free to rate us on the Apple Store and the Play Store. Every star ✨ and comment helps.

Thank you for your support in shaping the future of Cardokey.

2023, Articles, Communications, Cybersecurity, Digital Security, News, Technical News

5Ghoul: 5G NR Attacks on Mobile Devices

Posted on by FMTAD
5Ghoul: 5G NR Attacks on Mobile Devices
29
Dec
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

2023, Articles, EviCore HSM OpenPGP Technology, EviCore NFC HSM Technology, NFC HSM technology, Technical News, Technologies

Quantum computing RSA encryption: a threat and a solution

Posted on by FMTAD
Quantum computing RSA encryption
12
Nov
Quantum computing RSA encryption by Jacques Gascuel: This article will be updated with any new information on the topic.

Quantum computers RSA cryptography: how to secure your data

Quantum computers can break RSA encryption, which secures our online data. But there are solutions that are resistant to quantum attacks. One of them is Freemindtronic, an Andorran company that notably uses NFC HSM technology to share AES-256 keys using RSA-4096 encryption, which quantum computers cannot decipher.

Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking
March 25, 2024
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023

2023 Articles Cyberculture Eco-friendly Electronics GreenTech Technologies

The first wood transistor for green electronics
April 29, 2023
Hardware Secrets Manager, Eco-friendly, NFC devices, works contactless from Freemindtronic is sustainable technology respects the environment design & product made in Andorra

Eco-friendly GreenTech

Hardware secrets manager Eco-friendly
April 25, 2021

Quantum computing RSA encryption: a challenge and a solution

Quantum computing RSA encryption is a challenge for online security. Quantum computing is a new way of computing that uses quantum physics. It can do things that classical computers cannot or are too slow to do. One of these things is breaking RSA encryption, which secures data online. RSA encryption is based on the difficulty of factoring large numbers. Quantum computers can factor large numbers faster than classical computers. They use algorithms like Shor’s algorithm, which exploits quantum properties.

However, this threat is not imminent. Building and using quantum computers is still challenging and uncertain. Two recent announcements claimed to have cracked RSA encryption with quantum systems. But they have not been verified. The experts are skeptical and doubtful. They have not provided any evidence or details. They have made unrealistic or too good to be true claims. They have not been peer-reviewed or reproduced.

What is RSA encryption?

RSA encryption is a type of asymmetric encryption. It uses two keys: a public key and a private key. The public key can be shared with anyone, but the private key must be kept secret. They are mathematically related, but it is very hard to find the private key from the public key.

How does RSA encryption work?

RSA encryption uses large prime numbers to generate the keys. The public key and the private key are based on the product of two prime numbers. It is easy to multiply two prime numbers, but very hard to factor their product. For example, 17 x 23 = 391, but finding that 391 = 17 x 23 is much harder.

RSA encryption uses keys that are 2048 or 4096 bits long. These are numbers that have 2048 or 4096 binary digits (0 or 1). They are so large that it would take billions of years for a classical computer to factor them. Therefore, RSA encryption is very secure and widely used for online security.

What is quantum computing and how does it work?

Quantum computing is a new way of computing that uses quantum physics. It can do things that classical computers cannot or are too slow to do. Here is how it works:

  • Qubits: Quantum computers use quantum bits, or qubits. They can be 0 or 1, or both at the same time. This is called superposition. When we measure a qubit, it becomes either 0 or 1. This gives us more information than a classical bit, which is always 0 or 1.
  • Entanglement: Quantum computers can also use entanglement. This is when two qubits share a quantum state and affect each other, even if they are far apart. This allows us to manipulate multiple qubits at once and create complex quantum states.
  • Parallelism: Quantum computers can use these properties to perform parallel computations. This means they can do many calculations at the same time, using fewer qubits than classical bits. This can speed up some tasks that are hard for classical computers.

One of these tasks is breaking RSA encryption, which is based on factoring large numbers. Quantum computers can use a quantum algorithm, called Shor’s algorithm, to factor large numbers faster than classical computers. This can break RSA encryption by finding the private key from the public key. However, this requires a quantum computer with many qubits and low errors, which we do not have yet.

Quantum computing RSA encryption: a challenge and a solution

The ability to find an RSA private key from its public key by a quantum computer poses a serious threat to online security. However, this threat is not imminent, as there are still many challenges and uncertainties in building and using quantum computers. Two recent announcements have claimed to have cracked RSA encryption with quantum systems, but they have not been verified and have been met with skepticism and doubt from the experts. They have not provided any evidence or details of their work. They have made assumptions and claims that seem unrealistic or too good to be true. They have not been peer-reviewed or reproduced by other sources.

How quantum computers can break RSA encryption

RSA encryption is a type of asymmetric encryption. It uses two keys: a public key and a private key. The public key can be shared with anyone, but the private key must be kept secret. They are mathematically related, but it is very hard to find the private key from the public key.

RSA encryption uses large prime numbers to generate the keys. The public key and the private key are based on the product of two prime numbers. It is easy to multiply two prime numbers, but very hard to factor their product. For example, 17 x 23 = 391, but finding that 391 = 17 x 23 is much harder.

RSA encryption uses keys that are 2048 or 4096 bits long. These are numbers that have 2048 or 4096 binary digits (0 or 1). They are so large that it would take billions of years for a classical computer to factor them. Therefore, RSA encryption is very secure and widely used for online security.

Quantum computers can break RSA encryption by finding the prime factors of the composite number that is used to generate the public and private keys. Once the prime factors are known, the private key can be easily calculated from the public key, and the encrypted messages can be decrypted. Quantum computers can use a quantum algorithm, called Shor’s algorithm, to factor large numbers faster than classical computers. Shor’s algorithm can factor a large number in polynomial time, which means that the time it takes to factor a number grows relatively slowly as the number gets larger. In contrast, the best classical algorithms for factoring are exponential, which means that the time it takes to factor a number grows very fast as the number gets larger.

Two claims of breaking RSA encryption with quantum systems

Two recent announcements have raised concerns about quantum computing RSA encryption. One is from a team of Chinese researchers, who published a paper on arXiv in December 2022. They claim to have found a faster way to break RSA encryption with a quantum computer of 372 qubits. They combine a classical algorithm, called Schnorr’s algorithm, with a quantum algorithm, called QAOA (Quantum Approximate Optimization Algorithm). Schnorr’s algorithm is a method of factoring large numbers that uses a probabilistic approach and a lattice reduction technique. QAOA is a method of finding approximate solutions to optimization problems using a quantum computer.

The researchers say that by applying QAOA to the most computationally intensive step of Schnorr’s algorithm, they can reduce the number of qubits and the number of operations needed to factor a large number. They also say that they tested their method on a 10-qubit quantum computer and succeeded in factoring a 48-bit number. They extrapolate that their method can scale to factor a 2048-bit number, which is the standard for RSA encryption.

The other announcement is from a researcher named Ed Gerck, who posted on LinkedIn in November 2023. He claims to have decrypted RSA-2048 encryption, the most used public-key algorithm, with a quantum system implementable on a smartphone or a PC running Linux. He says that he developed a quantum algorithm that can calculate prime numbers faster than Shor’s algorithm and that he proved several mathematical conjectures, such as Goldbach’s conjecture. He published an excerpt of his work, but has not provided any proof or detail of his method.

Both announcements are not verified and have been met with skepticism and doubt from the experts. They have not provided any evidence or details of their work. They have made assumptions and claims that seem unrealistic or too good to be true. They have not been peer-reviewed or reproduced by other sources.

Quantum computing RSA encryption: possible solutions

How to protect RSA encryption from quantum attacks?

However, this announcement is not yet verified, and it raises many questions in the scientific community. It is therefore premature to draw hasty conclusions, and we must wait for the publication of the evidence of his work. It is also possible that RSA encryption can be adapted to resist quantum attacks, for example by increasing the length of the keys, or by using masking techniques. In addition, there are alternatives to RSA encryption, supposed to be more robust against quantum computing. These are post-quantum cryptography algorithms, based on other mathematical problems that are difficult to solve for quantum computers. Post-quantum cryptography is a very active field of research, which aims to anticipate the threats that quantum computers would pose to the security of communications. There are several potential candidates to replace RSA encryption, but they must be evaluated and compared in order to choose the most suitable ones for different needs and constraints. The NIST has launched an international competition to select and standardize the best post-quantum encryption algorithms, which should be ready by 2024.

What are the alternatives to RSA encryption?

Some of the alternatives to RSA encryption that are considered to be more resistant to quantum attacks are:

  • Lattice-based cryptography: This is based on the hardness of finding the shortest vector in a high-dimensional lattice, or the closest vector to a given point. Lattice-based cryptography has the advantage of being fast, versatile, and allowing for advanced features such as homomorphic encryption and digital signatures. Some examples of lattice-based algorithms are NTRU, BLISS, and NewHope.
  • Code-based cryptography: This is based on the hardness of decoding a general linear code, or finding the error vector in a noisy transmission. Code-based cryptography has the advantage of being simple, efficient, and having a long history of security analysis. Some examples of code-based algorithms are McEliece, Niederreiter, and BIKE.
  • Multivariate cryptography: This is based on the hardness of solving a system of multivariate polynomial equations over a finite field. Multivariate cryptography has the advantage of being compact, flexible, and allowing for various applications such as encryption, signatures, and identification. Some examples of multivariate algorithms are Rainbow, HFE, and GeMSS.
  • Hash-based cryptography: This is based on the hardness of finding collisions or preimages for a cryptographic hash function. Hash-based cryptography has the advantage of being simple, provably secure, and relying on minimal assumptions. Some examples of hash-based algorithms are XMSS, SPHINCS, and LMS.

How Freemindtronic protects data with RSA-4096 and NFC technology

Freemindtronic is an Andorran company that specializes in security and cybersecurity of information and computer systems. It designs and develops products and services based on NFC (Near Field Communication) technology, which allows wireless communication at short distance.

The HSM of Freemindtronic: devices that store and protect cryptographic keys

One of the products of Freemindtronic is the HSM (Hardware Security Module), which is a device that stores and protects cryptographic keys. The HSM of Freemindtronic uses two technologies: EviCore HSM OpenPGP and EviCore NFC HSM.

  • EviCore HSM OpenPGP is an implementation of the OpenPGP standard, an open standard for encryption and signature of data. It can manage symmetric and asymmetric encryption keys, both standard and OpenPGP. It can also create HSM on any type of storage device, such as key store, key chain, SD card, SSD, USB drive, NAS, cloud, etc. It can work in fixed, offline, or online mode (LAN/WAN).
  • EviCore NFC HSM is a technology that allows to share AES-256 standard keys using RSA-4096 standard encryption. It works without contact with NFC HSM, which use a pair of RSA-4096 keys for secret sharing (AES-256 encryption keys).

The AES-256 standard: a type of symmetric encryption with high level of security

The AES-256 standard is a type of symmetric encryption, which means that it uses the same key to encrypt and decrypt messages. The AES-256 standard offers a high level of security, as it uses keys that are 256 bits long, which are very hard to crack by brute force. The AES-256 standard is widely used for encrypting data and communications, such as files, emails, or messages.

The RSA-4096 encryption: a type of asymmetric encryption that protects the AES-256 keys from quantum attacks

However, the AES-256 standard requires that the key be securely transmitted between the sender and the receiver, without being intercepted, modified, or forged by an attacker. This is where the RSA-4096 encryption comes in, as it provides a way to protect the AES-256 keys from quantum attacks.

The RSA-4096 encryption is a type of asymmetric encryption, which means that it uses two different keys to encrypt and decrypt messages: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret. The RSA-4096 encryption uses keys that are 4096 bits long, which are out of reach of the current or future quantum computers. The RSA-4096 encryption can encrypt the AES-256 keys with the public key of the receiver, and decrypt them with the private key of the receiver. Thus, only the receiver can access the AES-256 keys, and use them to encrypt or decrypt the messages. The RSA-4096 encryption can also sign the AES-256 keys with the private key of the sender, and verify them with the public key of the sender. Thus, the receiver can ensure the identity of the sender, and the integrity of the AES-256 keys.

The RSA-4096 encryption is therefore an effective way to protect the AES-256 keys from quantum attacks, as it uses keys that are 4096 bits long, which are out of reach of the current or future quantum computers.

The RSA-4096 encryption is also a practical way to share the AES-256 keys between the HSM, as it uses the NFC technology, which allows wireless communication at short distance. The RSA-4096 encryption is therefore a major asset for the technologies of Freemindtronic, which offer an optimal security for the encryption of data.

Conclusion

Quantum computing is a new paradigm of computing that could break RSA encryption, the most common encryption method on the internet. With only 372 qubits, a quantum computer could break RSA encryption, exposing our online data and communications. However, there are solutions and alternatives that can resist quantum attacks. One of them is Freemindtronic, an Andorran company that uses NFC technology to share AES-256 standard keys using RSA-4096 standard encryption, which is beyond the reach of quantum computers. Freemindtronic’s technologies are based on the EviCore HSM OpenPGP and the EviCore NFC HSM, which are hardware devices that store and protect cryptographic keys. EviCore HSM OpenPGP transforms your smartphone, tablet or computer into a hardware security module compatible with the OpenPGP standard. EviCore NFC HSM allows you to store and use your crypto keys and secrets in a contactless NFC device, such as a card, a sticker, or a keychain. Both technologies offer features such as offline isolation, seamless integration, enhanced user experience, and multi-factor authentication. Therefore, Freemindtronic’s technologies are innovative and secure solutions for data and communication encryption, which can withstand quantum attacks and ensure the privacy and integrity of online activities.

Articles, News, Technical News

Brute Force Attacks: What They Are and How to Protect Yourself

Posted on by FMTAD
Brute Force Attacks Cyber Attack Guide
01
Nov
brute force attacks by Jacques Gascuel: This article will be updated with any new information on the topic.

Everything You Need to Know About Brute-force Attacks

80% of cyberattacks are brute force attacks. This technique tests all combinations to find a system’s password, key, or URL. These attacks threaten the security of your data. How to protect yourself? What tools and practices should be adopted? This article explains.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
April 18, 2024
A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security
March 25, 2024
Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation
March 15, 2024
Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
March 10, 2024
PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints
February 22, 2024
A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks
February 10, 2024
Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
February 8, 2024

Brute-force Attacks: A Comprehensive Guide to Understand and Prevent Them

Brute Force: danger and protection 80% of cyberattacks are brute force attacks. This technique tests all combinations to find the password, key, URL or hash of a system. These attacks threaten the security of your data. How to protect yourself? What tools and practices to adopt? This article explains:

  • Brute force types and methods : they vary according to the hackers’ method, the intrusion level and the application domain.
  • Brute force on electronic components : physical or electrical techniques are used to target chips or boards.
  • Brute force on passwords, keys, URLs and hashes : software or network techniques are used to access websites, online accounts, encrypted files, etc.
  • Brute force on phone systems : code or key techniques are used to hack landlines, mobiles or VoIP services.
  • Protection from brute force on devices and domains : encryption, authentication, masking, verification or correction techniques can help you strengthen your security.
  • Resistance evaluation of products or services to brute force : a scoring model based on the attack type and severity can help you assess the risk.

Types and Methods of Brute-force Attacks

There are several types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, and the domain of application.

Hackers’ Method

Hackers can use different methods to perform brute force attacks, depending on the type of data they want to obtain or modify. Here are the most common ones:

  • Simple brute force attacks: hackers try to guess the password of a user without using software, based on personal information or common passwords. These attacks work against users who have weak and easy-to-guess passwords, such as “password”, “1234567890”, or “qwerty”.
  • Dictionary attacks: hackers use software that tries passwords from a predefined list of common words, such as those from a dictionary or a database. These attacks are faster than simple ones but less effective against complex and random passwords.
  • Hybrid brute force attacks: hackers combine the previous two methods by adding variations to the dictionary words, such as numbers, symbols, or capital letters. These attacks are more sophisticated and can crack more robust passwords but they take more time and resources.
  • Reverse brute force attacks: hackers target the username rather than the password, assuming that the password is easier to guess or obtain by other means. These attacks are useful to access accounts that use the same username on multiple sites or services.
  • Distributed brute force attacks: hackers use multiple computers or devices connected to the Internet to perform brute force attacks simultaneously on the same target. These attacks are more powerful and harder to detect because they distribute the load and avoid security measures such as attempt limits or IP blocks.
  • Non-invasive faster than brute force attacks: hackers exploit weaknesses in the design or implementation of a system to reduce the number of combinations to test to find a secret information. For example, they can use a technique called “side-channel cube attack” to break AES encryption in less than 10 minutes with a laptop.
  • Analogous attacks: hackers use methods similar to brute force attacks but that do not test all possible combinations. For example, they can use a technique called “binary search attack” to guess a PIN code in less than 20 tries by exploiting the system’s response (correct/incorrect).

Level of Intrusion

Brute force attacks can also be classified according to the level of intrusion they involve:

  • Invasive attacks: hackers access physically the system or device they want to hack, using for example a keyboard, a USB stick, or a cable. These attacks are more dangerous because they can bypass software or network protections but they require proximity with the target and a risk of being caught.
  • Non-invasive attacks: hackers do not need to access physically the system or device they want to hack; they do it remotely via Internet or wireless network. These attacks are more discreet and easier to perform but they can be blocked by firewalls, antivirus software or secure protocols.

Domain of Application

Hackers’ objectives and motivations determine the domains where they apply brute force attacks. Here are some examples:

  • The civil domain: Hackers use brute force attacks to access personal or professional accounts such as emails, social networks, online banks or cloud services. They can steal sensitive information, impersonate identities, extort money or harm the reputation of the victims.
  • The defense domain: Hackers compromise national or international security by targeting military, governmental or diplomatic systems with brute force attacks. They can spy, sabotage, destabilize or provoke conflicts between countries.
  • The ethical hacking domain: Hackers test the security of systems or devices with brute force attacks by putting themselves in the attackers’ shoes. They can identify and report flaws, improve protections or train users.
  • The research domain: Hackers advance science and technology by exploring the limits of systems or devices with brute force attacks. They can discover new possibilities, innovate or create new products.

Brute-force Attacks on Electronic Components

Brute force attacks are not limited to passwords or encryption keys. They can also target electronic components that store or process data such as chips or integrated circuit boards. These attacks aim to access encrypted or protected information that is in the hardware using physical or electrical techniques.

Invasive Attacks

Invasive attacks are attacks that require direct access to the hardware and that involve modifying or destroying it. These attacks are often used to reverse engineer or extract data from chips or smart cards. Here are some examples:

  • Decapsulation: this technique consists of removing the outer layer of protection of a chip to expose the silicon and the internal layers. This can be done mechanically or chemically for example with nitric acid.
  • Deprocessing: this technique consists of removing progressively the internal layers of a chip to access the transistors and the connections. This can be done with chemicals lasers or focused ion beams (FIB).
  • Removal of the passivation layer: this technique consists of removing the insulating layer that covers the surface of a chip to allow electrical contact with the bonding wires (the thin connections between the chip and the package).
  • Reverse engineering: this technique consists of analyzing the structure and the functioning of a chip or an integrated circuit board to extract the source code the algorithms or the vulnerabilities.
  • Micro-probing: this technique consists of using micro-probes (metal needles) to connect directly to the internal components of a chip or an integrated circuit board and interfere with the signals or extract data.
  • Instantaneous memory attack: this technique consists of freezing a chip or an integrated circuit board to preserve the data that is in the volatile memory (RAM) after cutting off the power supply. This technique allows bypassing the mechanisms of automatic erasure of sensitive data in case of intrusion attempt.
  • Securing pairing algorithms against physical attacks: this technique consists of protecting pairing algorithms which are used for identity-based encryption against physical attacks that aim to modify the behavior of the hardware. This technique uses mathematical methods to detect and correct errors induced by physical disturbances.

Non-invasive Attacks

Non-invasive attacks are attacks that do not need direct access to the hardware but that use auxiliary or hidden channels to obtain or modify data on chips or integrated circuit boards. These attacks exploit the physical characteristics of the hardware such as power consumption electromagnetic field acoustic noise or temperature. Here are some examples:

  • Side-channel attack: this technique consists of measuring a physical parameter related to the functioning of a chip or an integrated circuit board to deduce information about the operations it performs or the data it processes. For example it is possible to guess an encryption key by analyzing the power consumption of a chip while it encrypts or decrypts a message.
  • Fault injection attack: this technique consists of provoking an error in the functioning of a chip or an integrated circuit board by sending it an abnormal signal such as an electric pulse a light wave or ionizing radiation. This technique allows modifying the behavior of the hardware revealing hidden information or bypassing protections.
  • Software flaw attack: this technique consists of exploiting a vulnerability in the software that controls the functioning of a chip or an integrated circuit board to access or modify sensitive data. For example it is possible to take control of a router by using a flaw in its firmware (the internal software that controls the functioning of the hardware).
  • Hidden channel attack: this technique consists of exploiting information that is not directly related to the functioning of the targeted system such as noise temperature or time. For example it is possible to guess the PIN code of a phone by listening to the sound produced by the keys when entering it.

Brute-force Attacks on Passwords Encryption Keys Hidden URLs and Hashes

Passwords encryption keys hidden URLs and hashes are data that serve to protect access or confidentiality of information on Internet. Hackers can try to guess them using brute force attacks which consist in testing all possible combinations until they find the right one. These attacks can have serious consequences such as identity theft account hijacking message decryption or website hacking.

Attacks on Passwords

Passwords are secret codes that users enter to authenticate on a website or an online service. Hackers can try to guess them using brute force attacks simple dictionary hybrid reverse or distributed as we have seen previously. These attacks can allow hackers to access users’ accounts and steal their personal financial or

professional information. To protect themselves from these attacks, users should choose strong and unique passwords, use a password manager, enable two-factor authentication, and avoid phishing emails.

Attacks on Encryption Keys

Encryption keys are data that are used to encrypt or decrypt messages or files. They can be symmetric (the same key is used for encryption and decryption) or asymmetric (two different keys are used: a public key for encryption and a private key for decryption). Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to read or modify confidential messages or files.

To protect themselves from these attacks, users should choose long and random encryption keys, use secure encryption algorithms, do not disclose or store their encryption keys in insecure places, and use secure protocols to exchange their encryption keys with their correspondents, such as the Diffie-Hellman protocol or the SSL/TLS protocol.

Another type of brute force attack targets the data stored in the volatile memory of devices, such as computers and phones. Volatile memory is a type of memory that loses its content when the power supply is cut off. This makes it vulnerable to brute force attacks that aim to extract sensitive data from it, using physical or software techniques. In this section, we will explain what are brute force attacks on volatile memory, how they work, what are the risks and how to prevent them.

Tools for brute force attacks

There are many tools available for brute force attacks on different protocols or services. Some are used for malicious purposes, others for penetration testing or security audit. Here is a non-exhaustive list of tools for brute force attacks:

  • Hashcat: Hashcat claims to be the world’s fastest and most advanced password recovery tool based on CPU. It supports five unique modes of attack for over 300 optimized hashing algorithms.
  • Flipper Zero: a multifunctional device that allows you to perform brute force attacks on RFID, NFC, Bluetooth systems, etc.
  • Gobuster: a tool written in Go that allows you to perform brute force attacks on web directories, DNS subdomains, S3 buckets or virtual hosts.
  • BruteX: a shell-based tool that allows you to perform brute force attacks on different services such as FTP, SSH, Telnet, RDP, VNC, etc.
  • Dirsearch: a tool written in Python that allows you to perform brute force attacks on web directories and files.
  • Callow: a tool written in C# that allows you to perform brute force attacks on web forms.
  • SSB: a tool written in Perl that allows you to perform brute force attacks on SMTP servers.
  • THC-Hydra: a popular tool that allows you to perform brute force attacks on more than 50 protocols such as HTTP, HTTPS, FTP, SSH, Telnet, SMB, etc.
  • Burp Suite: a suite of tools that allows you to perform penetration testing on web applications, including brute force attacks on web forms or HTTP parameters.
  • Patator: a tool written in Python that allows you to perform modular brute force attacks on different services such as HTTP, FTP, SSH, SMTP, etc.
  • Pydictor: a tool written in Python that allows you to generate custom lists for brute force or dictionary attacks.
  • Ncrack: a tool that allows you to perform fast and flexible brute force attacks on different services such as RDP, SSH, Telnet, HTTP(S), POP3(S), etc.

Brute force attacks on volatile memory: a data security risk

Volatile memory is a type of memory that loses its content when the power supply is cut off. This is the case for the random access memory (RAM) of computers and phones, which temporarily stores data and programs that are running. Volatile memory has an advantage: it erases the traces of computer activity in case of power outage or system shutdown. But it also has a drawback: it can be targeted by brute force attacks aiming to recover the sensitive data it contains.

A brute force attack is a method that consists of testing all possible combinations of a password, an encryption key or an access code, until finding the right one. Brute force attacks can be performed using specialized software, which exploits the computing power of computers or networks of machines. Brute force attacks can take a lot of time, depending on the complexity and length of the password, key or code to guess.

Brute force attacks on volatile memory are attacks that aim to extract data stored in the RAM of a computer or a phone, using physical or software techniques. For example, it is possible to cool down the RAM with liquid nitrogen, which allows to preserve its content for a few minutes after the system shutdown. It is then possible to transfer the RAM to another device, and use a brute force software to decrypt the data it contains. It is also possible to use malicious software that infiltrates the system and accesses the RAM, bypassing software or hardware protections.

Brute force attacks on volatile memory pose a risk for data security, because they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

To sum up, brute force attacks on volatile memory are a serious threat for data security, as they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

Attacks on Hidden URLs

Hidden URLs are web addresses that are hidden or modified to avoid being easily accessible or identifiable. They can be used to protect the privacy or security of a website or an online service. For example, a website may use a hidden URL to prevent being indexed by search engines or targeted by hackers. Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to access hidden or forbidden websites, such as illegal, malicious, or sensitive websites.

To protect themselves from these attacks, users should choose long, complex, and random hidden URLs, do not use predictable or easy-to-guess hidden URLs, do not share or publish their hidden URLs with other people or on other websites, and use encryption or authentication techniques to enhance the security of their hidden URLs.

Attacks on Hashes

Hashes are data that result from applying a mathematical function to a message or a file. They are used to verify the integrity or authenticity of a message or a file, by comparing it to the original hash. They can also be used to store passwords securely, by transforming them into irreversible hashes. Hackers can try to guess them using brute force attacks simple, dictionary, or hybrid, by testing all possible combinations until they find the right hash. These attacks can allow hackers to falsify or reveal messages or files.

To protect themselves from these attacks, users should choose secure hashing functions that do not have collisions (two different messages that produce the same hash) or preimages (a message that produces a given hash), use salting (adding a random data to the message before hashing) or peppering (adding a secret data to the message before hashing) techniques to make hashes more resistant to brute force attacks, do not store or transmit their hashes in insecure places, and use secure protocols to exchange their hashes with their correspondents, such as the HMAC protocol or the SSL/TLS protocol.

Brute-force Attacks on Phone Systems

Phone systems are devices that allow communication by voice or text, such as landlines, mobile phones (smartphones), or VoIP services. Hackers can try to hack them using brute-force attacks that consist of guessing codes or keys. These attacks can allow hackers to access data or services of a phone system, such as contacts, messages, calls, payments, or subscriptions.

Attacks on PIN Codes

PIN codes are secret codes of four digits that are used to unlock a mobile phone or a SIM card. Hackers can try to guess them using brute force attacks simple or analogous by testing all possible combinations until they find the right one. These attacks can allow hackers to access data or services of the mobile phone or the SIM card.

To protect themselves from these attacks users should choose random and unpredictable PIN codes that do not contain numerical sequences easy to guess such as “0000” “1234” or “4321”. They should not write or share their PIN codes with other people. They should activate the function of automatic locking of the mobile phone or the SIM card after a certain number of unsuccessful attempts. They should activate the function of automatic reset of the mobile phone or the SIM card after a certain number of unsuccessful attempts.

Attacks on IMEI Codes

IMEI codes are unique codes of 15 digits that identify a mobile phone. They are used to block a mobile phone in case of theft or loss. Hackers can try to guess them using brute force attacks simple or distributed by testing all possible combinations until they find the right one. These attacks can allow hackers to unlock a stolen or lost mobile phone and use it for malicious purposes such as making fraudulent calls sending unwanted messages or accessing personal data of the owner.

To protect themselves from these attacks users should note their IMEI codes and keep them in a safe place. They should not disclose their IMEI codes to unknown or suspicious people. They should report the loss or theft of their mobile phone to their operator and request the blocking of their IMEI codes. They should use a service of location or remote locking of their mobile phone in case of loss or theft.

Attacks BrutePrint

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised. Click is here for more information Attacks BrutePrint.

Evaluation of Products or Services Resistance to Brute-force Attacks

To evaluate the resistance of products or services to brute force attacks we can use a scoring model based on the type and severity of possible attacks. The scoring model can be as follows:

  • For each product or service we identify the possible types of brute force attacks that can target it such as passwords encryption keys hidden URLs hashes PIN codes or IMEI codes.
  • For each type of brute force attack we assign a score from 1 to 5 according to the severity of the attack. The score can be based on the following criteria: the complexity of the attack the time required to perform the attack the impact of the attack on the confidentiality integrity or availability of the data or service and the likelihood of the attack to succeed.
  • We calculate the average score for each product or service by adding up the scores for each type of brute force attack and dividing by the number of types. The lower the score the more resistant the product or service is to brute force attacks.

For example let’s consider two products: a web application and a smartphone. The possible types of brute force attacks and their scores are as follows:

Type of brute-force attackWeb applicationSmartphone
Passwords32
Encryption keys43
Hidden URLs2N/A
Hashes3N/A
PIN codesN/A2
IMEI codesN/A4

The average score for the web application is (3 + 4 + 2 + 3) / 4 = 3. The average score for the smartphone is (2 + 3 + 2 + 4) / 4 = 2.75. Therefore, according to this scoring model, the smartphone is more resistant to brute force attacks than the web application.

Statistics on brute force attacks

Brute force attacks are common and effective methods used by hackers to access systems protected by passwords or encryption keys. According to the IBM Cost of a Data Breach 2022 report, stolen or compromised credentials are the leading cause of data breaches and cost an average of $4.35 million to businesses worldwide in 2021. Brute force attacks are also increasing with the health crisis, which has encouraged remote work and online services. According to Cloudflare, the number of brute force attacks on RDP and SSH protocols increased by 400% between March and April 2020.

The duration and difficulty of a brute force attack depend on the length and complexity of the password or key to guess. According to Cloudflare, a seven-character password would take, at a rate of 15 million keystrokes per second, 9 minutes to crack. An eight-character password would take 4 hours, a nine-character password would take 8 days, and a ten-character password would take 463 days. It is therefore essential to use passwords or keys that are long and random enough to resist brute force attacks.

Real Cases of Brute-force Attacks

Brute force attacks are not only theoretical methods, but also real threats that have affected various domains, such as finance, health, politics, etc. In this section, we will present some examples of brute force attacks that have taken place in recent years, and show their consequences and lessons.

Brute force attacks on financial institutions

Financial institutions are often targeted by brute force attacks, as they store sensitive data and money. For instance, in 2019, a group of hackers used brute force attacks to access the online banking systems of several banks in Eastern Europe and Central Asia. They stole over $100 million from more than 40,000 accounts. The hackers used a software called Cobalt Strike, which allowed them to remotely control the infected computers and launch brute force attacks on the banks’ servers. They also used a technique called “ATM cash-out”, which enabled them to withdraw money from ATMs without using cards.

This case shows the importance of using strong passwords and encryption keys for online banking systems, as well as updating the software and hardware to prevent malware infections. It also shows the need for monitoring and alerting mechanisms to detect and stop brute force attacks in real time.

Brute force attacks on health systems

Health systems are also vulnerable to brute force attacks, as they store personal and medical data that can be used for identity theft or blackmail. For example, in 2020, a hacker group called Maze used brute force attacks to breach the network of Fresenius, Europe’s largest private hospital operator. They encrypted the data and demanded a ransom for its release. The attack affected the hospital’s operations and patient care, as well as its subsidiaries that produce dialysis products and blood transfusion devices.

This case illustrates the impact of brute force attacks on human lives and health services. It also highlights the need for securing the network and data of health systems, as well as having backup and recovery plans in case of an attack.

Brute force attacks on political systems

Political systems are not immune to brute force attacks, as they can influence the outcome of elections or policies. For instance, in 2016, a hacker group called Fancy Bear used brute force attacks to access the email accounts of several members of the Democratic National Committee (DNC) in the United States. They leaked the emails to WikiLeaks, which published them online. The leaked emails revealed internal conflicts and controversies within the DNC, and damaged the reputation of Hillary Clinton, who was running for president against Donald Trump.

This case demonstrates the power of brute force attacks to manipulate public opinion and interfere with democratic processes. It also underscores the need for protecting the email accounts and communications of political actors, as well as educating the public about cyber threats and misinformation.

How to Prevent Brute-force Attacks

Brute force attacks are a serious threat to the security and privacy of users, systems, and devices. Therefore, it is important to take preventive measures to avoid or mitigate their impact. Here are some general tips to prevent brute force attacks:

  • Use strong and unique passwords, encryption keys, hidden URLs, hashes, PIN codes, and IMEI codes. They should be long, complex, and random, containing letters, numbers, and symbols. They should not be based on personal or predictable information, such as names, dates, or phone numbers.
  • Use secure encryption algorithms and hashing functions. They should not have known or exploitable flaws or weaknesses, such as collisions or preimages. They should have enough entropy (degree of unpredictability) to resist brute force attacks.
  • Use secure protocols and techniques to exchange and store data. They should provide encryption, authentication, verification, correction, masking, or salting features. They should use secure channels and devices to transmit and store data.
  • Use security software and hardware to protect systems and devices. They should include firewalls, antivirus software, sensors, or locks. They should detect and block brute force attacks or trigger self-destruction or data erasure mechanisms.
  • Use ethical hacking and research to test and improve the security of systems and devices. They should identify and report vulnerabilities, flaws, or weaknesses. They should provide solutions, innovations, or products to enhance the security of systems and devices.

In conclusion

In this article, we have explored the topic of brute force attacks, also known as trial-and-error or exhaustive attacks. We have seen that brute force attacks are methods used by hackers to access systems protected by passwords or encryption keys, by testing all possible combinations until finding the right one. We have also seen that there are different types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, the domain of application and the tools used. We have focused on some specific types of brute force attacks, such as those on electronic components, passwords, encryption keys, hidden URLs, hashes and phone systems. We have also evaluated the resistance of products or services to brute force attacks, by presenting some real cases and some criteria to assess the security level. Finally, we have given some tips on how to prevent brute force attacks, by using long and complex passwords or keys, encrypting data, updating software and hardware, and using security tools.

Brute force attacks are a serious threat for data security and privacy, as they can allow hackers to access confidential information, compromise other systems or services, or extort the victims. Therefore, it is essential to be aware of the risks and the solutions to protect yourself from brute force attacks. If you want to learn more about this topic, you can check the sources that we have cited throughout this article.

Articles, Compagny spying, DataShielder, Digital Security, Industrial spying, Military spying, NFC HSM technology, Spying, Technical News, Zero trust

Are fingerprint systems really secure? How to protect your data and identity against BrutePrint

Posted on by FMTAD
Fingerprint Systems Really Secure - How to Protect Your Data and Identity
23
Oct
Fingerprint Systems Really Secure by Jacques Gascuel: This article will be updated with any new information on the topic.

Fingerprint Security

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised.

Fingerprint Biometrics: An In-Depth Exploration of Security Mechanisms and Vulnerabilities

It is a widely recognized biometric authentication system for identity verification. In this overview of fingerprint authentication systems, we will explore comprehensively to understand the complex world of fingerprint biometrics. Our goal is to provide a detailed exploration of these systems, their inner workings, vulnerabilities, and countermeasures.

Demystifying Fingerprint Systems: A Thorough Examination

Two fundamental components make up these systems: the fingerprint sensor and the comparison algorithm.:

The Fingerprint Sensor: Where Biometric Data Begins

These systems rely on an essential component: the fingerprint sensor. It captures the finger image and converts it into a digital format. Different types of sensors exist, each with their advantages and disadvantages:

  1. Optical sensors: They use light and a camera to create a high-resolution image.
  2. Capacitive sensors: They use an array of small capacitors to measure the differences in electrical charge between the ridges and valleys.
  3. Ultrasonic sensors: They use sound waves to create a three-dimensional image.
  4. Thermal sensors: They detect the heat emitted by the finger to generate an image.

The Comparison Algorithm: The Gatekeeper of Access

The comparison algorithm is a critical software component that analyzes the captured fingerprint image. Its role is vital:

  • Image Analysis: The algorithm scrutinizes the fingerprint image, extracting its unique features.
  • Template Comparison: It then compares these features to one or more stored templates, serving as reference fingerprints for authorized users.
  • Threshold Criteria: Access is granted if the algorithm determines a significant similarity between the captured image and a stored template, surpassing a predefined threshold. If not, the system considers the fingerprint invalid and denies access.

Fingerprint System Vulnerabilities and Attack Techniques

First, before evaluating attack techniques against fingerprinting systems, let’s explore different attack types, techniques, motivations, and strategies. In our thorough analysis of fingerprint system vulnerabilities, we must acknowledge numerous attack techniques employed by various actors. These techniques, driven by diverse motivations ranging from personal gain to malicious intent, illuminate the complexities of fingerprint system security. We’ve identified a total of twenty-five (25) distinct attack types, categorized into five groups in this study: “Electronic Devices for Biometric Attacks,” “Additional Fingerprint Attacks,” “Advanced Attacks,” “Attacks on Lock Patterns,” and “Attacks on Fingerprint Sensors.”

Attacks on Fingerprint Sensors

Fingerprint sensors, a common biometric authentication method, are vulnerable to several attack types and techniques update 23 february 2024:

ATTACK TYPETECHNIQUEMOTIVATIONSSTRATEGIES
Residual Fingerprint AttackRecovers the smartphone owner’s fingerprint left on surfaces, reproducing it.Identity theft, unauthorized access, or malicious purposes.Exploits traces of fingerprints on surfaces using materials like gelatin, silicone.
Code Injection AttackInjects malicious code to bypass fingerprint sensor security.Compromises device security for data theft or illicit activities.Exploits software vulnerabilities for unauthorized access to biometric data.
False Acceptance AttackThe system accepts a fingerprint that doesn’t belong to the authorized user.Identity theft, unauthorized access, or malicious intentions.Can occur due to poor sensor quality, a high tolerance threshold, or similarity between different individuals’ fingerprints.
False Rejection AttackThe system rejects a fingerprint that belongs to the authorized user.Identity theft, unauthorized access.Can occur due to poor sensor quality, a low tolerance threshold, environmental changes, or alterations to the user’s fingerprint.
Substitution AttackTricks the system with an artificial fingerprint.Identity theft or unauthorized access.Can be done using materials like gelatin, silicone, latex, or wax.
Modification AttackTricks the system with a modified fingerprint.Identity theft or to conceal the user’s identity.Can be done using techniques like gluing, cutting, scraping, or burning.
Impersonation AttackTricks the system with another user’s fingerprint, either with their consent or by force.Identity theft using force, threats, bribery, or seduction.Uses the fingerprint of another user who has given consent or has been coerced into doing so.
Adversarial Generation AttackTricks the system with images of fingerprints generated by an adversarial generative adversarial network (GAN).Bypasses liveness detection methods based on deep learning.Mimics the appearance of real fingerprints.
Acoustic Analysis AttackTricks the system by listening to the sounds emitted by the fingerprint sensor during fingerprint capture.Can reconstruct the fingerprint image from acoustic signals.Use noise cancellation techniques, encrypt acoustic signals, or use liveness detection methods
Partial Print AttackTricks the system with a partial fingerprint from the registered fingerprint.Increases the false acceptance rate by exploiting the similarity between partial prints of different users.Can use a portion of the registered fingerprint.
Privilege Escalation AttackExploits vulnerabilities in the operating system or application to obtain higher privileges than those granted by fingerprint authenticationCan access sensitive data, manipulate system files, perform unauthorized actions, or bypass security measuresUse strong passwords, enforce multi-factor authentication, limit user privileges, patch system vulnerabilities, monitor user activities, and audit logs
Spoofing AttackImitates a legitimate fingerprint or identity to deceive the system or the userCan gain access, steal information, spread malware, or impersonate someone.Use liveness detection methods, verify the authenticity, avoid trusting unknown sources, and report spoofing attempts
PrintListener: Side-channel AttackUtilizes acoustic signals from finger friction on touchscreens to replicate fingerprintsGain unauthorized access to devices and services protected by fingerprint authenticationImplement noise interference, use advanced fingerprint sensors resistant to acoustic analysis, enable multifactor authentication, regularly update security protocols

For more information on new attack type “PrintListener” (a specific acoustic analysis attack), readers are encouraged to explore the detailed article at https://freemindtronic.com/printlistener-technology-fingerprints/.
These attacks expose vulnerabilities in fingerprint sensor technology and underline the need for robust security measures.

Attacks on Lock Patterns (For Lock Screen Authentication)

Lock patterns, often used on mobile devices for screen unlocking, are susceptible to various attack techniques:

ATTACK TYPETECHNIQUEMOTIVATIONSSTRATEGIES
Brute Force AttackAttempts all possible lock pattern combinations.Gains unauthorized device access.Systematically tests different pattern combinations.
Replica Fingerprint AttackUses a 3D printer to create a replica fingerprint.Unauthorized access or identity theft.Produces a replica for sensor authentication.
Sensor VulnerabilitiesExploits sensor technology vulnerabilities.Compromises device security for malicious purposes.Identifies and exploits sensor technology weaknesses.
BrutePrint AttackIntercepts messages, emulating the fingerprint sensor.Gains unauthorized access, often with hardware components.Exploits communication protocol vulnerabilities.

These attacks target the vulnerabilities in lock pattern authentication and underscore the importance of strong security practices.

Advanced Attacks

Advanced attacks employ sophisticated techniques and technologies to compromise fingerprint systems:

ATTACK TYPETECHNIQUEMOTIVATIONSSTRATEGIES
Presentation AttackPresents manipulated images or counterfeit fingerprints.Espionage, identity theft, or malicious purposes.Crafts counterfeit fingerprints or images to deceive sensors.
Rapid Identification AttackUses advanced algorithms to swiftly identify fingerprints.Corporate espionage, financial gain, or enhanced security.Quickly identifies fingerprints from extensive datasets.
Digital Footprint AttackCollects and analyzes the online data and activity of the target, using open source intelligence tools or data brokersCan obtain personal information, preferences, habits, or vulnerabilities of the target.Use privacy settings, delete unwanted data, avoid oversharing, and monitor online reputation

These advanced attacks leverage technology and data to compromise fingerprint-based security.

Network-Based Attacks

Network-based attacks are those that target the communication or data transmission between the device and the fingerprint authentication system. These attacks can compromise the integrity, confidentiality, or availability of the biometric data or the user session. In this section, we will discuss four types of network-based attacks: phishing, session hijacking, privilege escalation, and spyware.

ATTACK TYPETECHNIQUEMOTIVATIONSSTRATEGIES
Phishing AttackTechnique: Phishing attacks involve sending fraudulent messages to victims, enticing them to click on a link or download an attachment. These malicious payloads may contain code designed to steal their fingerprints or redirect them to a fake website requesting authentication.Motivations: Phishing attacks are motivated by the desire to deceive and manipulate users into revealing their fingerprint data or login credentials.Strategies: Phishing attackers employ various tactics, such as crafting convincing emails, spoofing legitimate websites, and using social engineering to trick users.
Session Hijacking AttackTechnique: Session hijacking attacks aim to intercept or impersonate an authenticated user’s session, exploiting communication protocol vulnerabilities or using spyware.Motivations: Session hijacking is typically carried out to gain unauthorized access to sensitive information or systems, often for financial gain or espionage.Strategies: Attackers employ packet sniffing, session token theft, or malware like spyware to compromise and take control of active user sessions.
Spyware AttackTechnique: Spyware attacks infect the device with spyware to capture fingerprint data.Motivations: Spyware attacks are driven by the objective of illicitly obtaining biometric data for malicious purposes, such as identity theft or unauthorized access.Strategies: Attackers use spyware to secretly record and transmit fingerprint information, often through backdoors or covert channels, without the victim’s knowledge.
Predator FilesInfects Android phones with a spyware application that can access their data, including fingerprint information.Sold to multiple governments for targeting political opponents, journalists, activists, and human rights defenders in over 50 countries.Use spyware detection and removal tools, update system software, avoid downloading untrusted applications, and scan devices regularly

As we can see from the table above, network-based attacks pose a serious threat to fingerprint authentication systems and users’ privacy and security. Therefore, it is essential to implement effective countermeasures and best practices to prevent or mitigate these attacks. In the next section, we will explore another category of attacks: physical attacks.

Electronic Devices for Biometric Attacks

Some electronic devices are designed to target and compromise fingerprint authentication systems. Here are some notable examples:

DeviceDescriptionUsageSTRATEGIES
Cellebrite UFEDA portable device capable of extracting, decrypting, and analyzing data from mobile phones, including fingerprint data. Used by law enforcement agencies worldwide.Used by law enforcement agencies to access digital evidence on mobile phones.Applies substances to damage or obscure sensor surfaces.
GrayKeyA black box device designed to unlock iPhones protected by passcodes or fingerprints using a “brute force” technique. Sold to law enforcement and government agencies for investigative purposes.Sold to law enforcement and government agencies for investigative purposes to unlock iPhones.Use strong passwords, enable encryption, disable USB access, and update system software.
Chemical AttacksAlters or erases fingerprints on sensors.Prevents identification or creates false identities.Use fingerprint enhancement techniques, verify the authenticity, and use liveness detection methods

These devices pose a high risk to biometric systems because they can allow malicious actors to access sensitive information or bypass security measures. They are moderate to high in ease of execution because they require physical access to the target devices and the use of costly or scarce devices. Their historical success is variable because it depends on the quality of the devices and the security of the biometric systems. They are currently relevant because they are used by various actors, such as government agencies, law enforcement, or hackers, to access biometric data stored on mobile phones or other devices. This comprehensive overview of attack types, techniques, motivations, and strategies is crucial for improving biometric authentication system security.

BrutePrint: A Novel Attack on Fingerprint Systems on Phones

Fingerprint systems on phones are not only vulnerable to spoofing or data breach attacks; they are also exposed to a novel attack called BrutePrint. This attack exploits two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. BrutePrint allows attackers to bypass the attempt limit and liveness detection mechanisms of fingerprint systems on phones. It also enables them to perform unlimited brute force attacks until finding a matching fingerprint.

How BrutePrint Works

Fingerprint Systems Really Secure : BrutePrint

BrutePrint works by hijacking the fingerprint images captured by the sensor. It applies neural style transfer (NST) to generate valid brute-forcing inputs from arbitrary fingerprint images. BrutePrint also exploits two vulnerabilities in the SFA framework:

  • Cancel-After-Match-Fail (CAMF): this vulnerability allows attackers to cancel the authentication process after a failed attempt. It prevents the system from counting the failed attempts and locking the device.
  • Match-After-Lock (MAL): this vulnerability allows attackers to infer the authentication results even when the device is in “lock mode”. It guides the brute force attack.To perform a BrutePrint attack, attackers need physical access to the phone, a database of fingerprints, and a custom-made circuit board that costs about 15 dollars. The circuit board acts as a middleman between the sensor and the application. It intercepts and manipulates the fingerprint images.

How to Prevent BrutePrint

BrutePrint is a serious threat to phone users who rely on fingerprint systems to protect their devices and data. It shows that fingerprint systems on phones are not as secure as they seem. They need more robust protection mechanisms against brute force attacks. Some of the possible ways to prevent BrutePrint are:

  • Updating the phone’s software: this can help fix the vulnerabilities exploited by BrutePrint and improve the security of the SFA framework.
  • Using multifactor authentication: this can increase the level of security and reduce the risks of spoofing or brute force attacks. It combines fingerprint authentication with another factor, such as a password, a PIN code, a pattern lock screen ,or other trust criteria that allows patented segmented key authentication technology developed by Freemindtronic in Andorra .
  • Use of DataShielder HSM solutions: these are solutions developed by Freemindtronic in Andorra that allow you to create HSM (Hardware Security Module) on any device, without a server or database, to encrypt any type of data. DataShielder HSM solutions also include EviSign technology, which enables advanced electronic signing of documents. DataShielder HSM solutions are notably available in Defense versions, which offer a high level of protection for civil and/or military applications.

Assessing Attack Techniques: Ease of Execution and Current Relevance

In our pursuit of understanding fingerprint system vulnerabilities, it is crucial to assess not only the types and forms of attacks but also their practicality and current relevance. This section provides an in-depth evaluation of each attack technique, considering factors such as the ease of execution, historical success rates, and their present-day applicability.

Attack Techniques Overview

Let’s analyze the spectrum of attack techniques, considering their potential danger, execution simplicity, historical performance, and present-day relevance.

Attack TypeLevel of DangerEase of ExecutionHistorical SuccessCurrent Relevance
Residual Fingerprint AttackMediumModerateVariableOngoing
Code Injection AttackHighModerateVariableStill Relevant
Acoustic Analysis AttackMediumLowFluctuatingOngoing Concerns
Brute Force AttackHighLowVariableContemporary
Replica Fingerprint AttackMediumModerateFluctuatingStill Relevant
Sensor VulnerabilitiesHighModerateVariableOngoing Significance
BrutePrint AttackHighHighVariableContinues to Pose Concerns
Presentation AttackHighModerateDiverseStill Pertinent
Rapid Identification AttackHighLowVariableOngoing Relevance
Digital Footprint AttackHighLowFluctuatingCurrently Pertinent
Chemical AttacksHighLowVariableOngoing Relevance
Phishing AttackHighModerateVariableModern Threat
Session Hijacking AttackHighLowVariableOngoing Relevance
Privilege Escalation AttackHighLowVariableRemains Significant
Adversarial Generation AttackHighModerateVariableStill in Use
Acoustic Analysis Attack (Revisited)MediumLowFluctuatingOngoing Concerns
Partial Print AttackMediumLowVariableCurrently Relevant
Electronic Devices for Biometric AttacksHighModerate to HighVariableCurrently Relevant
PrintListener (Specific Acoustic Analysis Attack)HighModerateEmergingHighly Relevant

Understanding the Evaluation:

  • Level of Danger categorizes potential harm as Low, Moderate, or High.
  • Ease of Execution is categorized as Low, Medium, or High.
  • Historical Success highlights fluctuating effectiveness.
  • Current Relevance signifies ongoing concerns in contemporary security landscapes.

By assessing these attack techniques meticulously, we can gauge their practicality, historical significance, and continued relevance.

The type of attack by electronic devices for biometric systems is very dangerous because it can allow malicious actors to access sensitive information or bypass the protections of biometric systems. Its ease of execution is moderate to high, as it requires physical access to target devices and the use of expensive or difficult-to-obtain devices. Its historical success is variable because it depends on the quality of the devices used and the security measures implemented by the biometric systems. It is currently relevant because it is used by government agencies, law enforcement or hackers to access biometric data stored on mobile phones or other devices.

Statistical Insights into Fingerprint Systems

Fingerprint systems have found wide-ranging applications, from law enforcement and border control to banking, healthcare, and education. They are equally popular among consumers who use them to unlock devices or access online services. However, questions linger regarding their reliability and security. Let’s delve into some pertinent statistics:

According to Acuity Market Intelligence, 2018 saw more than 1.5 billion smartphones equipped with fingerprint sensors, constituting 60% of the global market.

The IAFIS Annual Report of 2020 revealed that more than 1.3 billion fingerprint records were stored in national and international databases in 2019.

According to the National Institute of Standards and Technology (NIST), the average false acceptance rate of fingerprint systems in 2018 was 0.08%, marking an 86% decrease compared to 2013.

These statistics shed light on the widespread adoption of fingerprint systems and their improved accuracy over time. Nevertheless, they also underline that these systems, while valuable, are not without their imperfections and can still be susceptible to errors or manipulation.

Real-World Cases of Fingerprint System Corruption: Phone Cases

Fingerprint system corruption can also affect phone users, who rely on fingerprint sensors to unlock their devices or access online services. However, these sensors are not foolproof and can be bypassed or exploited by skilled adversaries. These attacks can result in device theft, data breaches, or other security issues.

Here are some examples of fingerprint system corruption that involve phones:

  • German hacker Jan Krissler, alias Starbug, remarkably unlocked the smartphone of the German Defense Minister Ursula von der Leyen in 2014 using a high-resolution photo of her thumb taken during a press conference. He employed image processing software to enhance the photo’s quality and created a counterfeit fingerprint printed on paper.
  • A terrorist attack at the Istanbul airport killed 45 people and injured more than 200 in 2016. The investigators found that the three suicide bombers used fake fingerprints to enter Turkey and avoid security checks. They copied the fingerprints of other people from stolen or forged documents.
  • Researchers from Tencent Labs and Zhejiang University discovered in 2020 that they could bypass a fingerprint lock on Android smartphones using a brute force attack, that is when a large number of attempts are made to discover a password, code or any other form of security protection.
  • Experts from Cisco Talos created fake fingerprints capable of fooling the sensors of smartphones, tablets and laptops as well as smart locks in 2020, but it took them a lot of effort.
  • A case of identity theft was discovered in France in 2021, involving the use of fake fingerprints to obtain identity cards and driving licenses. The suspects used silicone molds to reproduce the fingerprints of real people, and then glued them on their fingers to fool the biometric sensors.
  • Researchers from the University of Buffalo developed a method in 2021 to create artificial fingerprints from images of fingers. These fingerprints can fool the sensors of smartphones, but also more advanced biometric systems, such as those used by police or airports.
  • A report by Kaspersky revealed in 2021 that banking apps on smartphones are vulnerable to attacks by falsified fingerprints. Attackers can use malware to intercept biometric data from users and use them to access their accounts.

These cases highlight the significant threats posed by fingerprint system corruption to phone users. Therefore, it is important to protect these systems against external and internal threats while integrating advanced technologies to enhance security and reliability.

DataShielder HSM: A Counter-Espionage Solution for Fingerprint System Security

You have learned in the previous sections that fingerprint systems are not foolproof. They can be corrupted by attacks that expose your secrets and sensitive data. To prevent malicious actors from capturing them, you need an effective and reliable encryption solution, even if your phone is compromised.

Freemindtronic, the leader in NFC HSM technologies, designed, developed, published and manufactured DataShielder HSM in Andorra. It is a range of solutions that you need. You can use either EviCore NFC HSM or EviCore HSM OpenPGP technology with DataShielder HSM. It lets you encrypt your data with segmented keys that you generate randomly yourself. The key segments are securely encrypted and stored in different locations. To access your secrets and your sensitive data encrypted in AES 256 quantum, you need to bring all segments together for authentication.

DataShielder HSM has two versions: DataShielder NFC HSM for civil and military use, and DataShielder NFC HSM Defense for sovereign use. DataShielder NFC HSM Defense integrates two technologies: EviCore NFC HSM and EviCore HSM OpenPGP. They allow you to create a hardware security module (HSM) without contact on any medium, without server, without database, totally anonymous, untraceable and undetectable.

DataShielder HSM is a user-friendly and compatible solution with all types of phone, with or without NFC, Android or Apple. It can be used for various purposes, such as securing messaging services, encrypting files or emails, signing documents or transactions, or generating robust passwords.

DataShielder HSM is a counter-espionage solution that enhances the security of fingerprint systems. It protects your data and secrets from unauthorized access, even if your fingerprint is compromised.

Current Trends and Developments in Fingerprint Biometrics

Fingerprint biometrics is a constantly evolving field. It seeks to improve the performance, reliability and security of existing systems. But it also develops new technologies and applications. Here are some current or expected trends and developments in this field.

  • Multimodality: it consists of combining several biometric modalities (fingerprint, face, iris, voice, etc.) to increase the level of security and reduce the risks of error or fraud. For example, some smartphones already offer authentication by fingerprint and facial recognition.
  • Contactless biometrics: it consists of capturing fingerprints without the need to touch a sensor. This technique avoids the problems related to the quality or contamination of fingerprints. And it improves the comfort and hygiene of users. For example, some airports already use contactless scanners to verify the identity of travelers.
  • Behavioral biometrics: it consists of analyzing the behavior of users when they interact with a biometric system. For instance, the way they place their finger on the sensor or the pressure they exert. This technique adds a dynamic factor to identification. And it detects attempts of impersonation or coercion. For example, some banking systems already use behavioral biometrics to reinforce the security of transactions.

Standards and Regulations for Fingerprint Systems

The use of fingerprint systems is subject to standards and regulations. They aim to ensure the quality, compatibility and security of biometric data. These standards and regulations can be established by international, national or sectoral organizations. Here are some examples of standards and regulations applicable to fingerprint systems.

  • The ISO/IEC 19794-2 standard: it defines the format of fingerprint data. It allows to store, exchange and compare fingerprints between different biometric systems. It specifies the technical characteristics, parameters and procedures to be respected to ensure the interoperability of systems.
  • The (EU) 2019/1157 regulation: it concerns the strengthening of the security of identity cards and residence permits issued to citizens of the European Union and their relatives. It provides for the mandatory introduction of two fingerprints in a digital medium integrated into the card. It aims to prevent document fraud and identity theft.
  • The Data Protection Act: it regulates the collection, processing and storage of personal data, including biometric data. It imposes on data controllers to respect the principles of lawfulness, fairness, proportionality, security and limited duration of data. It guarantees to data subjects a right of access, rectification and opposition to their data.

Examples of Good Practices for Fingerprint System Security

Fingerprint systems offer a convenient and effective way to authenticate people. But they are not without risks. It is important to adopt good practices to strengthen the security of fingerprint systems and protect the rights and freedoms of users. Here are some examples of good practices to follow by end users, businesses and governments.

  • For end users: it is recommended not to disclose their fingerprints to third parties, not to use the same finger for different biometric systems, and to check regularly the state of their fingerprints (cuts, burns, etc.) that may affect recognition. It is also advisable to combine fingerprint authentication with another factor, such as a password or a PIN or other trust criteria that allows the patented segmented key authentication technology developed by Freemindtronic in Andorra.
  • For businesses: it is necessary to comply with the applicable regulation on the protection of personal data, and to inform employees or customers about the use and purposes of fingerprint systems. It is also essential to secure biometric data against theft, loss or corruption, by using encryption, pseudonymization or anonymization techniques.
  • For governments: it is essential to define a clear and consistent legal framework on the use of fingerprint systems, taking into account ethical principles, fundamental rights and national security needs. It is also important to promote international cooperation and information exchange between competent authorities, in compliance with existing standards and conventions.

Responses to Attacks

Fingerprint systems can be victims of attacks aimed at bypassing or compromising their operation. These attacks can have serious consequences on the security of people, property or information. It is essential to know how to react in case of successful attack against a fingerprint system. Here are some recommendations to follow in case of incident.

  • Detecting the attack: it consists of identifying the type, origin and extent of the attack, using monitoring, auditing or forensic analysis tools. It is also necessary to assess the potential or actual impact of the attack on the security of the system and users.
  • Containing the attack: it consists of isolating the affected system or the source of the attack, by cutting off network access, disabling the biometric sensor or blocking the user account. It is also necessary to preserve any evidence that may facilitate investigation.
  • Notifying the attack: it consists of informing competent authorities, partners or users concerned by the attack, in compliance with legal and contractual obligations. It is also necessary to communicate on the nature, causes and consequences of the attack, as well as on the measures taken to remedy it.
  • Repairing the attack: it consists of restoring the normal functioning of the fingerprint system, by eliminating the traces of the attack, resetting the settings or replacing the damaged components. It is also necessary to revoke or renew the compromised biometric data, and verify the integrity and security of the system.
  • Preventing the attack: it consists of strengthening the security of the fingerprint system, by applying updates, correcting vulnerabilities or adding layers of protection. It is also necessary to train and raise awareness among users about good practices and risks related to fingerprint systems.

Next Steps for Fingerprint Biometrics Industry

Fingerprint biometrics is a booming field, which offers many opportunities and challenges for industry, society and security. Here are some avenues for reflection on the next steps for this field.

  • Research and development: it consists of continuing efforts to improve the performance, reliability and security of fingerprint systems, but also to explore new applications and technologies. For example, some researchers are working on artificial fingerprints generated by artificial intelligence, which could be used to protect or test biometric systems.
  • Future investments: it consists of supporting the development and deployment of fingerprint systems, by mobilizing financial, human and material resources. For example, according to a market study, the global market for fingerprint systems is expected to reach 8.5 billion dollars in 2025, with an average annual growth rate of 15.66%.
  • Expected innovations: it consists of anticipating the needs and expectations of users, customers and regulators, by offering innovative and adapted solutions. For example, some actors in the sector envisage creating fingerprint systems integrated into human skin, which could offer permanent and inviolable identification.

Conclusion

Fingerprint systems are a convenient and fast way to authenticate users, based on their unique fingerprint patterns. They have many applications in device protection and online service access. However, these systems are not immune to attacks by skilled adversaries, who can manipulate and exploit them. These attacks can lead to unauthorized access, data breaches, and other security issues.

To prevent these threats, users need to be vigilant and enhance security with additional factors, such as PINs, passwords, or patterns. Moreover, regular system updates are crucial to fix emerging vulnerabilities.

Fingerprint systems are still a valuable and common form of authentication. But users must understand their weaknesses and take steps to strengthen system integrity and data protection. One of the possible steps is to use DataShielder HSM solutions, developed by Freemindtronic in Andorra. These solutions allow creating HSM (Hardware Security Module) on any device, without server or database, to encrypt and sign any data. DataShielder HSM solutions also include EviSign technology, which allows electronically signing documents with a legally recognized value. DataShielder HSM solutions are available in different versions, including Defense versions, which offer a high level of protection for civil and military applications.

Articles, Cyberculture, NFC HSM technology, Technical News

RSA Encryption: How the Marvin Attack Exposes a 25-Year-Old Flaw

Posted on by FMTAD
NFC HSM Devices and RSA 4096 encryption a new standard for cryptographic security serverless databaseless without database by EviCore NFC HSM from Freemindtronic Andorra
03
Oct
Marvin attack RSA algorithm & NFC HSM RSA-4096 by Jacques Gascuel: This article will be updated with any new information on the topic.

Decrypting Marvin’s Assault on RSA Encryption!

Simply explore the complex area of ​​RSA encryption and discover strategies to repel Marvin’s attack. This article examines the intricacies of RSA 4096 encryption, ensuring your cryptographic keys and secrets are protected. Discover an innovative NFC HSM RSA 4096 NFC encryption protocol, serverless and databaseless.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
April 18, 2024
A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security
March 25, 2024
Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation
March 15, 2024
Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
March 10, 2024
PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints
February 22, 2024
A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks
February 10, 2024
Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
February 8, 2024

How the RSA Encryption – Marvin Attack Reveals a 25-Year-Old Flaw and How to Protect Your Secrets with the NFC HSM Devices

RSA encryptionRSA encryption is one of the most widely used encryption algorithms in the world, but it is not flawless. In fact, a vulnerability of RSA encryption, known as the Marvin attack, has existed for over 25 years and could allow an attacker to recover the private key of a user from their public key. This flaw, which exploits a mathematical property of RSA encryption, was discovered in 1998 by the cryptographer Daniel Bleichenbacher, but it was never fixed or disclosed to the public. In the first part of this article, we will explain in detail how the Marvin attack works and what it means for the security of RSA encryption.

Moreover, NFC HSM and RSA 4096 represent a new dimension in cryptographic security. These technologies allow you to protect and use your cryptographic keys and secrets within a contactless device that communicates with your smartphone through NFC (Near Field Communication). The main advantage they offer is the formidable defense against cyberattacks, achieved by implementing state-of-the-art encryption algorithms and strong security protocols. You can discover more about the very simple functioning of NFC HSM devices for RSA 4096 encryption, as well as their multiple benefits, by reading until the end of this article. Moreover, we will highlight how Freemindtronic used the extreme level of safety of an NFC HSM device to establish, without contact and only on demand, a virtual communication tunnel encrypted in RSA-4096 without a server, without a database, from an NFC HSM device.

The Marvin Attack: Unveiling a 25-Year-Old RSA Flaw

Understanding the Marvin Attack

The Marvin attack targets the RSA algorithm, a foundational asymmetric encryption technique characterized by the use of two distinct keys: a public key and a private key. The public key serves to encrypt data, while the private key is responsible for decryption. These keys mathematically intertwine, yet revealing one from the other presents an exceedingly challenging task.

Named after Marvin the Paranoid Android from “The Hitchhiker’s Guide to the Galaxy,” this attack exploits a vulnerability in the RSA algorithm discovered by Swiss cryptographer Daniel Bleichenbacher in 1998. The vulnerability relates to the padding scheme that the RSA algorithm uses to introduce random bits into the data before encryption. The padding scheme has a design. It makes the encrypted data look random. It also thwarts attacks based on statistics. However, Bleichenbacher showed his ingenuity. He sent special messages to a server. The server used RSA encryption. By doing so, he could learn about the padding scheme. He could also recover the private key.

Implications of the Marvin Attack

The Marvin attack has profound implications for the security and confidentiality of your secrets. If an attacker successfully retrieves your private key, they gain unfettered access to decrypt all your encrypted data and compromise your confidential information. Furthermore, they can impersonate you by signing messages or executing transactions on your behalf.

The Marvin attack isn’t limited to a single domain; it can impact any system or application that uses RSA encryption with a vulnerable padding scheme. This encompasses web servers that employ HTTPS, email servers that use S/MIME, and blockchain platforms that rely on digital signatures.

Notably, NFC HSM devices that use RSA encryption for secret sharing are vulnerable to the Marvin attack. NFC HSM, short for Near Field Communication Hardware Security Module, is a technology facilitating the storage and utilization of cryptographic keys and secrets within contactless devices such as cards, stickers, or keychains. These devices communicate with smartphones via NFC, a wireless technology enabling short-range data exchange between compatible devices.

If an attacker intercepts communication between your NFC HSM device and smartphone, they may try a Marvin attack on your device, potentially recovering your private key. Subsequently, they could decrypt secrets stored within your device or gain access to your online accounts and services.

The Common Factor Attack in RSA Encryption

Understanding the Common Factor Attack

In the realm of RSA encryption, attackers actively exploit a vulnerability known as the Common Factor Attack. Here’s a concise breakdown:

1. Identifying Shared Factors

  • In RSA encryption, public keys (e, n) and private keys (d, n) play pivotal roles.
  • Attackers meticulously seek out common factors within two public keys, exemplified by (e1, n1) and (e2, n2).
  • Upon discovering a shared factor, their mission gains momentum.

2. Disclosing the Missing Factor

  • Once a common factor ‘p’ surfaces, uncovering its counterpart ‘q’ becomes relatively straightforward.
  • This is achieved through the simple act of dividing one key’s module by ‘p’.

3. Attaining Private Keys

  • Empowered with ‘p’ and ‘q,’ attackers adeptly compute private keys like ‘d1’ and ‘d2.’
  • This mathematical process involves modular inverses, bestowing them with access to encrypted content.

4. Decrypting Messages with Precision

  • Armed with private keys ‘d1’ and ‘d2,’ attackers skillfully decrypt messages initially secured by these keys.
  • Employing the formula ‘m = c^d mod n,’ they meticulously unlock the concealed content.

This simplified overview sheds light on the Common Factor Attack in RSA encryption. For a more comprehensive understanding, delve into further details here

Safeguarding Against the Marvin Attack

To fortify your defenses against the Marvin attack, it is imperative to employ an updated version of the RSA algorithm featuring a secure padding scheme. Secure padding ensures that no information about the encrypted data or private key is leaked. For example, you can adopt the Optimal Asymmetric Encryption Padding (OAEP) scheme, a standard endorsed by RSA Laboratories.

Additionally, utilizing a reliable and secure random number generator for generating RSA keys is essential. A robust random number generator produces unpredictable and difficult-to-guess random numbers, a critical element for the security of any encryption algorithm, as it guarantees the uniqueness and unpredictability of keys.

The Marvin attack, though a 25-year-old RSA flaw, remains a persistent threat capable of compromising the security of RSA-encrypted data and communications. Vigilance and adherence to cryptographic best practices are essential for shielding against this menace.

Choosing a trusted and certified provider of NFC HSM devices and RSA encryption services is equally pivotal. A reputable provider adheres to industry-leading security and quality standards. Freemindtronic, a company based in Andorra, specializes in NFC security solutions and has developed a plethora of technologies and patents grounded in NFC HSM devices and RSA 4096 encryption. These innovations offer a spectrum of advanced features and benefits across diverse applications.

In the following section, we will delve into why Freemindtronic has chosen to utilize RSA 4096 encryption in the context of the Marvin attack. Additionally, we will explore how Freemindtronic secures secret sharing among NFC HSM devices, elucidate the concept of NFC HSM devices, and unveil the advantages and benefits of the technologies and patents pioneered by Freemindtronic.

How Does RSA 4096 Work?

RSA 4096 is built upon the foundation of asymmetric encryption, employing two distinct keys: a public key and a private key. The public key can be freely disseminated, while the private key must remain confidential. These keys share a mathematical relationship, but uncovering one from the other poses an exceptionally daunting challenge.

RSA 4096 hinges on the RSA algorithm, relying on the formidable complexity of factoring a large composite number into the product of two prime numbers. RSA 4096 employs prime numbers of 4096 bits in size, rendering factorization virtually impossible with current computational capabilities.

RSA 4096 facilitates four primary operations:

  1. Encryption: Transforming plaintext messages into encrypted messages using the recipient’s public key. Only the recipient can decrypt the message using their private key.
  2. Decryption: Retrieving plaintext messages from encrypted ones using the recipient’s private key. Only the recipient can perform this decryption.
  3. Signature: Adding an authentication element to plaintext messages using the sender’s private key. The recipient can verify the signature using the sender’s public key.
  4. Signature Verification: Validating the authenticity of plaintext messages and their sender using the sender’s public key.

In essence, RSA 4096 ensures confidentiality, integrity, and non-repudiation of exchanged messages.

But how can you choose and utilize secure RSA keys? Are there innovative solutions available to bolster the protection of cryptographic secrets? This is the focal point of our next section, where we will explore the technologies and patents developed by Freemindtronic for RSA 4096 secret sharing among NFC HSM devices.

Technologies and Patents Developed by Freemindtronic for RSA 4096 Secret Sharing among NFC HSM Devices

Freemindtronic employs RSA 4096 to secure the sharing of secrets among NFC HSM devices, driven by a commitment to robust security and trust. RSA 4096 stands resilient against factorization attacks, the most prevalent threats to RSA encryption. It upholds the confidentiality, integrity, and non-repudiation of shared secrets.

Freemindtronic is acutely aware of the potential vulnerabilities posed by the Marvin attack. This attack can compromise RSA if the prime numbers used to generate the public key are too close in proximity. Therefore, Freemindtronic diligently adheres to cryptographic best practices when generating robust and random RSA keys. This involves using large prime numbers, usually larger than 2048 bits, and employing a dependable and secure random number generator Freemindtronic regularly validates the strength of RSA keys through online tools or other means and promptly replaces keys suspected of weakness or compromise.

In summary, Freemindtronic’s selection of RSA 4096 is informed by its robustness. This choice is complemented by unwavering adherence to cryptographic best practices. The incorporation of the EVI protocol bolsters security, ensuring the imperviousness of secrets shared among NFC HSM devices. This will be further elucidated in the following sections

Why Freemindtronic Utilizes RSA 4096 Against the Marvin Attack

Freemindtronic’s choice to utilize RSA 4096 for securing secret sharing among NFC HSM devices is grounded in its status as an asymmetric encryption algorithm renowned for delivering a high level of security and trust. RSA 4096 effectively resists factorization attacks, which are among the most prevalent threats against RSA encryption. It guarantees the confidentiality, integrity, and non-repudiation of shared secrets.

To address the potential consequences of the Marvin attack, Freemindtronic meticulously follows cryptographic best practices when generating strong and random RSA keys. The company employs prime numbers of substantial size, typically exceeding 2048 bits, in conjunction with a reliable and secure random number generator. Freemindtronic vigilantly validates the strength of RSA keys and promptly replaces them if any suspicions of weakness or compromise arise.

Moreover, Freemindtronic harnesses the power of the EVI (Encrypted Virtual Interface) protocol, which enhances RSA 4096’s security profile. EVI facilitates the exchange of RSA 4096 public keys among NFC HSM devices, introducing a wealth of security measures, including encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting, and the use of a black box. EVI also enables the transmission of secrets encrypted with the recipient’s RSA 4096 public key, using the same mechanism.

In summary, Freemindtronic’s selection of RSA 4096 is informed by its robustness, complemented by unwavering adherence to cryptographic best practices. The incorporation of the EVI protocol bolsters security, ensuring the imperviousness of secrets shared among NFC HSM devices. This will be further elucidated in the following sections.

How Freemindtronic Utilizes RSA 4096 to Secure Secret Sharing Among NFC HSM Devices

Freemindtronic leverages RSA 4096 to fortify the security of secret sharing among NFC HSM devices, following a meticulously orchestrated sequence of steps:

  1. Key Generation: RSA 4096 key pairs are generated on each NFC HSM device, utilizing a dependable and secure random number generator.
  2. Public Key Exchange: The RSA 4096 public keys are exchanged between the two NFC HSM devices using the EVI (Encrypted Virtual Interface) protocol. EVI introduces multiple layers of security, including encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting measures, and the use of a black box.
  3. Secret Encryption: The secret is encrypted using the recipient’s RSA 4096 public key, employing a hybrid encryption algorithm that combines RSA and AES.
  4. Secure Transmission: The encrypted secret is transmitted to the recipient, facilitated by the EVI protocol.
  5. Secret Decryption: The recipient decrypts the secret using their RSA 4096 private key, employing the same hybrid encryption algorithm.

Through this meticulous process, Freemindtronic ensures the confidentiality, integrity, and non-repudiation of secrets exchanged between NFC HSM devices. This robust approach thwarts attackers from reading, altering, or falsifying information protected by RSA 4096.

But what exactly is an NFC HSM device, and what communication methods exist for secret sharing among these devices? What are the advantages and benefits offered by the technologies and patents pioneered by Freemindtronic? These questions will be addressed in the subsequent sections.

What Is an NFC HSM Device?

An NFC HSM (Near Field Communication Hardware Security Module) is a specialized hardware security module that communicates wirelessly with an Android smartphone via NFC (Near Field Communication) technology. These devices come in the form of cards, stickers, or keychains and operate without the need for batteries. They feature EEPROM memory capable of storing up to 64 KB of data.

NFC HSM devices are designed to securely store and utilize cryptographic keys and secrets in an isolated and secure environment. They shield data from cloning, replay attacks, counterfeiting, or extraction and include an access control system based on segmented keys.

One prime example of an NFC HSM device is the EviCypher NFC HSM developed by Freemindtronic. This technology allows for the storage and utilization of cryptographic keys and secrets within a contactless device, such as a card, sticker, or keychain. EviCypher NFC HSM offers a range of features, including offline isolation, seamless integration with other technologies, and enhancements to the user experience. With its robust security measures and innovative features, EviCypher NFC HSM sets a new standard for secure communication and secret management in the digital realm.

Resistance Against Brute Force Attacks on NFC HSM

The RSA 4096 private key is encrypted with AES 256. Therefore, the user cannot extract it from the EEPROM memory. The NFC HSM has this memory. It also has other secrets in this memory. This memory is non-volatile. As a result, it can last up to 40 years without power. Consequently, any invasive or non-invasive brute force attack on NFC HSM is destined for failure. This is due to the fact that secrets, including the RSA private key, are automatically encrypted in the EEPROM memory of the NFC HSM using AES-256 with segmented keys of physical origin, some of which are externalized from the NFC HSM.

Real-Time Secret Sharing with EviCore NFC HSM

An intriguing facet of EviCore NFC HSM technology is its ability to facilitate real-time secret sharing without the need for a remote server or database. EviCore NFC HSM accomplishes this by encrypting secrets with the recipient’s randomly generated RSA 4096 public key directly on their NFC HSM device. This innovative approach to secret sharing eliminates the necessity for a trusted third party. Furthermore, EviCore NFC HSM executes these operations entirely in the volatile (RAM) memory of the phone, leaving no traces of plaintext secrets in the computer, communication, or information systems. As a result, it renders remote or proximity attacks, including invasive or non-invasive brute force attacks, exceedingly complex, if not physically impossible. Our EviCore NFC HSM technology is an Android application designed for NFC-enabled phones, functioning seamlessly with our NFC HSM devices. This application serves as both firmware and middleware, constituting an embedded system, offering optimal performance and compatibility with NFC HSM devices.

What Are the Advantages and Benefits of NFC HSM Devices and RSA 4096 Encryption?

NFC HSM devices and RSA 4096 encryption offer numerous advantages and benefits across various applications and domains. Some of these include:

  1. Enhanced Security and Trust: They bolster security and trust in the digital landscape through the utilization of a robust and efficient encryption algorithm that withstands factorization attacks.
  2. Simplified Key and Secret Management: They simplify the management and sharing of cryptographic keys and secrets by leveraging contactless technology for communication with Android phones via NFC.
  3. Improved Device Performance and Compatibility: They enhance device performance and compatibility by functioning as a firmware-like middleware embedded within an Android application for NFC-enabled phones.
  4. Enhanced User Experience: They improve the user experience of devices by offering features such as offline isolation, seamless integration with other technologies, and enhanced user experiences.

In summary, NFC HSMs and RSA 4096 encryption offer inventive and pragmatic answers to the escalating requirements for security and confidentiality in the digital sphere.

2023, Articles, EviKey & EviDisk, EviKey NFC HSM, News, NFC HSM technology, Technical News

How to secure your SSH key with NFC HSM USB Drive EviKey

Posted on by FMTAD
NFC HSM USB drive SSH Contactless keys manager EviKey NFC & EviCore NFC HSM Compatible Technologies patented from Freemindtronic Andorra Made in France - JPG
16
Sep

How to Create and Store Your SSH Key Securely with EviKey NFC HSM USB Drive

NFC HSM USB Drive EviKey revolutionizes SSH key storage in our digital era. In a world teeming with cyber threats, safeguarding SSH keys remains paramount. Yet, striking a balance between top-notch security and effortless access often poses challenges. The answer? EviKey’s groundbreaking NFC HSM USB technology. Throughout this guide, we’ll uncover how EviKey stands out, ensuring robust security without forsaking user convenience. So, whether you’re a seasoned tech expert or just beginning your cybersecurity journey, dive in. You’re about to discover the next big thing in digital key storage.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
April 18, 2024
A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security
March 25, 2024
Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation
March 15, 2024
Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
March 10, 2024
PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints
February 22, 2024
A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks
February 10, 2024
Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
February 8, 2024

How to create and protect your SSH key with NFC HSM USB drive

The NFC HSM USB drive is a device that allows you to create and store your SSH key securely with EviKey technology. EviKey is a patented technology that encrypts your SSH key with a secret code that only you know and that is stored in a NFC tag embedded in the device. You will need to scan the NFC tag with your smartphone or another NFC reader to unlock your SSH key and use it for SSH sessions. You will also learn how to customize the security settings of your device and how to backup and restore your SSH key.

SSH: A secure protocol for remote communication

SSH, or Secure Shell, is a cryptographic protocol that allows you to establish a secure communication between a client and a server. SSH is often used to remotely administer servers, execute commands or transfer files. To connect to a server via SSH, there are two authentication methods: password or public key.

Password authentication: simple but insecure

Password authentication is the simplest method, but also the least secure. Passwords can be easily guessed, stolen or intercepted by attackers. Moreover, you have to remember your password and enter it every time you connect.

Public key authentication: advanced and secure

Setting up public key authentication for SSH

Public key authentication is a more secure and convenient way to access remote servers than using passwords. To set it up, you will need to generate a pair of keys, one public and one private, and copy the public key to the server you want to connect to. The private key will stay on your local machine and will be used to authenticate yourself when you initiate an SSH session. You will also learn how to use a passphrase to protect your private key from unauthorized access.

Advantages and constraints of public key authentication

Public key authentication: benefits and challenges

Using public key authentication for SSH has many benefits and challenges. Some of the benefits are: increased security, reduced risk of brute force attacks, and a streamlined login process. Some of the challenges are: managing multiple keys, ensuring the integrity of the public key, and recovering from lost or stolen private key. You’ll also learn some best practices for overcoming these challenges and protecting your SSH keys.

Public key authentication has several advantages:

  • Compared to password authentication, public key authentication offers a higher level of security. It also avoids typing your password every time you connect. In addition, it allows you to automate processes that require an SSH connection; such as scripts or orchestration tools.

However, public key authentication also involves certain constraints:

  • You have to deal with some constraints when you use public key authentication. For each client and each server, you have to generate a pair of keys; copy the public key on the server in a special file called ~/.ssh/authorized_keys; and protect the private key against any loss or compromise.

EviKey NFC HSM USB drive: A solution to store your SSH key securely

To overcome these constraints, there is a solution: using an EviKey NFC HSM technology to store your private SSH key physically externalized. EviKey NFC HSM USB drive is a hardware device that allows you to store sensitive data in a secure flash memory, which can only be unlocked with a contactless authentication via a smartphone compatible with NFC (Near Field Communication). It offers several advantages:

  • The EviKey NFC HSM USB drive allows you to keep your private SSH key outside of the hard disk of the client. This reduces the risks of theft or unauthorized access. You can also unlock your private SSH key without typing a password or a passphrase; you just have to approach your smartphone to the NFC HSM USB drive. Moreover, the device offers an industrial level of security equivalent to SL4 according to the standard IEC 62443-3-3.

EviKey NFC HSM: A technology developed by Freemindtronic SL

There are several models and brands of NFC HSM USB drives on the market, but in this tutorial, we will focus on the EviKey NFC HSM technology, developed by Freemindtronic SL, an Andorran company specialized in cybersecurity. EviKey NFC HSM is compatible with all operating systems (Linux, Windows, macOS, Android) and can be used with three free Android applications: Evikey & EviDisk, Fullkey Plus and Freemindtronic (FMT). These applications allow you to manag the NFC HSM USB drives, to create and restore backups, to encrypt and decrypt files, and to authenticate via SSH.

How to create an SSH key and use it with a NFC HSM USB drive

In this tutorial, we will show you how to create an SSH key under different operating systems, how to use a NFC HSM USB drive to store your private SSH key physically externalized, and how to use the public SSH key to authenticate locally, on a computer or on a server.

Prerequisites

The following are required to follow this tutorial:

  • A computer or a smartphone with an operating system among Linux, Windows, macOS or Android.
  • An internet connection.
  • A NFC HSM USB drive.
  • One of the three Android applications mentioned above installed on your smartphone.
  • A remote server that you want to connect to via SSH.

Creating an SSH key

The first step to use public key authentication is to generate a pair of SSH keys (private and public) on your computer or smartphone. To do this, you can use a special utility called ssh-keygen, which is included with the standard OpenSSH suite. By default, this utility will create a pair of RSA keys of 3072 bits.

The procedure to create an SSH key varies depending on the operating system that you use. Here is how to do it for each case:

  • Linux

    • Open a terminal and type the following command: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    • This command will create a new pair of SSH keys using your email as a label.
    • You can choose the location and name of the file where to save your private key, as well as a passphrase to protect it.
    • By default, the files are named id_rsa and id_rsa.pub and are stored in the ~/.ssh directory.

  • Windows

    • Download and install the PuTTYgen software from the official website [2].
    • Launch PuTTYgen and click on the Generate button.
    • You will have to move the mouse over the blank area to create some entropy.
    • Once the key is generated, you can enter a comment (for example your email) and a passphrase to secure it.
    • Then, you will have to save your public key and your private key in separate files by clicking on the Save public key and Save private key buttons.

  • macOS

    • The procedure is similar to Linux.
    • Open a terminal and type the following command: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    • SSH keygen will create a new pair of SSH keys using your email as a label.
    • You can choose the location and name of the file where to save your private key, as well as a passphrase to protect it.
    • By default, the files are named id_rsa and id_rsa.pub and are stored in the ~/.ssh directory.

  • Android

    • Download and install the ConnectBot application from the Play Store [5].
    • Open ConnectBot and press the Menu button.
    • Select Manage Pubkeys.
    • Press the Menu button again and select Generate.
    • Choose the type of key (RSA or DSA) and the size of the key (2048 bits or more).
    • Enter a nickname for your key and press Generate.

Using a NFC HSM USB drive

Once you have created your pair of SSH keys, you have to move the private SSH key into the flash memory of the NFC HSM USB drive. To do this, you have to plug the NFC HSM USB drive into the USB port of your computer or smartphone, and use the following command:

sudo mv ssh_private_key /usb_directory

This command will move the file containing your private SSH key (for example id_rsa or private.ppk) to the directory corresponding to the NFC HSM USB drive (for example /media/evikey or /storage/evikey). You have to replace ssh_private_key and /usb_directory with the appropriate names according to your case.

Once you have moved your private SSH key into the NFC HSM USB drive, you can lock it contactlessly with your smartphone. To do this, you have to use one of the three Android applications that embed the EviKey NFC HSM technology: Evikey & EviDisk, Fullkey Plus or Freemindtronic (FMT). Here is how to do it for each application:

With Evikey & EviDisk or Fullkey Plus or Freemindtronic (FMT) Android NFC app

  • Open the application on your smartphone.
  • Select the NFC HSM USB drive that you want to lock.
  • Press the Lock button.
  • Approach your smartphone to the NFC HSM USB drive to lock the access to the flash memory.

Authentication via SSH with a NFC HSM USB drive

You have prepared your NFC HSM USB drive and copied your public SSH key on the computer or remote server that you want to connect to via SSH. Now you can authenticate via SSH with the NFC HSM USB drive. Here are the steps to follow:

  • Plug the NFC HSM USB drive into the USB port of the smartphone
  • Open the Android application of your choice
  • Select the option “SSH Authentication”
  • Enter the information of the computer or remote server (IP address, port, username)
  • Select the private SSH key stored in the NFC HSM USB drive
  • Approach your smartphone to the NFC HSM USB drive to unlock the access to the flash memory
  • Validate the SSH connection
  • Access the terminal of the computer or remote server

The method allows you to authenticate locally, on a computer or on a server. Here are some examples of use cases:

Local authentication

You can use the NFC HSM USB drive to authenticate locally on your own computer or smartphone. That can be useful if you want to execute commands as another user, for example root or sudo. To do that, you have to enter the information of your computer or smartphone as IP address, port and username. For example:

ssh -p 22 root@127.0.0.1

It command will connect you via SSH to your local computer as root, using port 22 and IP address 127.0.0.1. It is a special address that always designates the local host. You will have to approach your smartphone to the NFC HSM USB cdrive to unlock your private SSH key and validate the connection.

Computer authentication

With the NFC HSM USB drive, you can authenticate on another computer that you have access to on the network. Such can be useful if you want to access files or programs that are stored on that computer, or if you want to perform maintenance or troubleshooting operations remotely. To do such, you have to enter the information of the computer that you want to connect to as IP address, port and username. For example:

ssh -p 22 alice@192.168.1.10

Local SSH will connect you via SSH to the computer whose IP address is 192.168.1.10, using port 22 and username alice. You will have to approach your smartphone to the NFC HSM USB drive to unlock your private SSH key and validate the connection.

Server authentication

The EviKey NFC HSM USB drive lets you authenticate on a remote server that you have access to via the internet. This can be useful if you want to administer a website, a database, a cloud service or any other type of server. To do this, you have to enter the information of the server that you want to connect to as IP address, port and username. For example:

ssh -p 22 bob@54.123.456.78

That command will connect you via SSH to the server whose IP address is 54.123.456.78, using port 22 and username bob. You will have to approach your smartphone to the NFC HSM USB drive to unlock your private SSH key and validate the connection.

Comparison of Secure Storage Solutions for SSH Keys

EviKey NFC HSM USB Drive: Redefining the Paradigm

The search for dependable, efficient, and secure storage for SSH private keys has evolved from a mere task to a pivotal mission. In a digital landscape riddled with threats, the EviKey NFC HSM USB drive emerges, not merely as a product but as a groundbreaking shift towards cybersecurity, regulatory compliance, and user-friendliness.

Cybersecurity and Safety: A Synergy

Combining cybersecurity (safeguarding digital assets) and safety (protecting the device itself) is a hallmark of the EviKey NFC HSM USB drive. The drive’s construction inherently merges these two dimensions. With electrical and thermal safeguards, ESD protection, and an integrated self-diagnostic system, it’s evident that the EviKey drive is designed not just to store but to fortify.

Simplicity Meets Security: Seamless SSH Key Storage

EviKey has revolutionized the SSH key storage process, doing away with complicated software or intricate steps. Upon unlocking the USB NFC HSM through a contactless mechanism, it presents itself as a standard medium on various operating systems. Users can then smoothly transfer SSH keys to this space. In its locked state, the drive becomes virtually undetectable to both computing and mobile platforms, ensuring unparalleled security. Furthermore, the option to fortify security with an additional password layer is available to users.

Normative Compliance: Setting the Gold Standard

EviKey’s technological prowess is evident in features such as NFC signal energy harvesting. This includes a state-of-the-art black box monitoring system. Additionally, there’s an assurance of data persistence for an astounding 40 years without needing an external power source.

Technological Advancements: Beyond the Ordinary

EviKey’s technological prowess is evident in features such as NFC signal energy harvesting, a state-of-the-art black box monitoring system, and an assurance of data persistence for an astounding 40 years without needing an external power source.

At a Glance: EviKey Versus the Rest

CriteriaEviKey NFC HSMNitrokeyYubikeySoloKeysOnlyKeyTrezor
Storage Capacity8GB-128GB32KB32KB32KB32KBLimited by key size
SSH Key CapacityOver 4 billionAbout 24About 24Up to 24Up to 24Several
Contactless AuthenticationYes, via NFCNoYes, NFC or USBYes, NFC or USBYes, NFC or USBYes, via USB
Physical Device SecurityEnhanced with attack detection & self-destructStandard with PIN lockStandard with PIN lockStandard with PIN lockStandard with PIN lockStandard with PIN lock
OS CompatibilityAll OSAll OSAll OSAll OSAll OSAll OS
SSH & OpenSSH Protocol CompatibilityYes, via OpenSSHYes, via PKCS#11Yes, via PKCS#11Yes, via PKCS#11Yes, via PKCS#11Yes, via GPG
SSH & OpenSSH Authentication ModesFive-factor (MFA)Two-factor (2FA)Two-factor (2FA)Two-factor (2FA)Two-factor (2FA)One-factor (1FA)
Users for Contactless SSH & OpenSSH UnlockingSix different usersNoneOne userOne userOne userOne user
PatentsThree international patentsNoneNoneNoneNoneNone
Electrical ProtectionIntegrated with intelligent regulatorNoNoNoNoNo
Thermal SafeguardsFunctional & thermal sensors with breakerNoNoNoNoNo
ESD Protection27kv on data channelNoNoNoNoNo
Physical RobustnessMilitary-grade resin; Waterproof & TamperproofNoNoNoNoNo
Security from AttacksInclusive of invasive & non-invasive threatsNoNoNoNoNo
Limit on Auth. Attempts13 (modifiable by admin)NoNoNoNoNo
USB Port ProtectionFully independent security systemNoNoNoNoNo
Contactless Security EnergyHarvests energy from NFC signalsNoNoNoNoNo
Black Box MonitoringComprehensive event trackingNoNoNoNoNo
Fault DetectionIn-built self-diagnosticsNoNoNoNoNo
Memory Write CountMonitors flash memory healthNoNoNoNoNo
Data Persistence40 years without external powerNoNoNoNoNo
Temperature GuardEnsures optimal performanceNoNoNoNoNo
Auto-lock DurationAdmin-defined (seconds to minutes)NoNoNoNoNo

Unveiling the NFC HSM USB Drive EviKey’s Innovations

Deep Dive: Why EviKey is the Leading Choice

With standout features like the swift auto-lock function, EviKey solidifies its position as a market leader. Its rapid automatic re-locking capability, combined with easy NFC unlocking, minimizes vulnerability windows, ensuring top-notch security. The EviKey NFC HSM USB drive signifies not just storage but an investment in unparalleled SSH key protection.

Physical Robustness: Beyond Conventional Protection

Designed with precision, the EviKey NFC HSM USB drive is adept at handling adverse conditions. Enclosed in a military-grade resin, its robustness parallels that of steel. Its unique construction ensures the EviKey drive’s resilience to damage, and its waterproof quality even allows it to operate underwater. Beyond the physical, the drive also provides countermeasures against invasive and non-invasive brute force intrusions.

Independence from Encryption Systems: Freedom of Choice

EviKey NFC HSM USB drive’s design is devoid of a pre-set encryption system, a strategic move to offer users flexibility and security. This choice ensures evasion from issues tied to outdated or flawed cryptographic elements, which may require user updates. This architecture offers users the autonomy to choose their preferred encryption method for data storage on the EviKey drive. Furthermore, the option for drive segmentation allows users to create specific encrypted sections, such as a BitLocker space, diversifying its applications.

Versatility: A Universal Key

EviKey NFC HSM’s adaptability is not limited to SSH key storage. Its versatile nature allows integration with various security ecosystems. The drive can serve as a decryption key for encrypted SSDs, HDs and SDs TPM2.0. Moreover, its compatibility extends to password management, functioning as a password manager or a token, harmonizing with other advanced technologies from Freemindtronic such as EviCode HSM OpenPGP and EviPass HSM OpenPGP.

Conclusion

You now know how to create an SSH key under different operating systems, how to use a NFC HSM USB drive to store your physically externalized private SSH key, and how to use the public SSH key to authenticate locally, on a computer or on a server. You can thus enjoy a secure and convenient authentication method, without needing a password or additional software, while benefiting from an industrial level of security equivalent to SL4 according to the standard IEC 62443-3-3.

If you have any questions or comments, feel free to contact Freemindtronic SL, designer, developer, manufacturer and publisher of applications embedding the EviKey NFC HSM technology. You can also buy the products integrating this technology from Freemindtronic’s partners.

Articles, Digital Security, EviVault Technology, NFC HSM technology, Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

Posted on by FMTAD
EviVault NFC HSM and EviCore NFC HSM Embedded ISO 15693 VS Flipper Zero
04
Jul

EviVault NFC HSM vs Flipper Zero by Jacques Gascuel: This article will be updated with any new information on the topic.  

Unveiling the Encounter: EviVault NFC HSM vs Flipper Zero

This article examines the encounter between EviVault NFC HSM and Flipper Zero. While EviVault NFC HSM securely stores your blockchain keys offline, Flipper Zero serves as a device to test the security of wireless systems and NFC tags. The crucial question remains: Can Flipper Zero break through the defenses of EviVault NFC HSM and access your cryptocurrencies keys? The resounding answer is no, and we will explore the compelling reasons behind this assertion.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
April 18, 2024
A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security
March 25, 2024
Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation
March 15, 2024
Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
March 10, 2024
PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints
February 22, 2024
A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks
February 10, 2024
Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
February 8, 2024

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

EviVault NFC HSM vs Flipper Zero: this is the question that this article will answer. EviVault NFC HSM is a technology that securely stores your blockchain keys offline. Flipper Zero is a device that tests the security of wireless systems and NFC tags. Can Flipper Zero compromise EviVault NFC HSM and access your cryptocurrencies keys? The answer is no, and this article will explain why.

EviVault NFC HSM vs Flipper Zero is a topic that interests many crypto enthusiasts and security experts. Moreover, it sparks curiosity about the comparison between these two technologies. EviVault NFC HSM is a technology that allows offline physical secure storage of blockchain private keys, cryptocurrencies, wallets, Bitcoin, Ethereum, NFTs, Smart Contracts. Freemindtronic, a company from Andorra that specializes in NFC security solutions, developed it. EviVault NFC HSM uses the EviCore NFC HSM technology, which offers a high level of protection and encryption for your keys and secrets. It also works with Freemindtronic’s NFC HSM devices, which are contactless devices that can store and use your crypto keys and secrets. You can learn more about this technology here: https://freemindtronic.com/evicore-nfc-hsm-the-technology-by-freemindtronic/.

Flipper Zero is a versatile tool for testing the security and cybersecurity of systems, especially for pentesters. However, it can be used for malicious purposes, such as by cybercriminals to hack into digital systems, such as radio protocols, access control systems, hardware and more. At first glance, one might think that Flipper Zero is capable of compromising EviVault NFC HSM by reading or cloning its secrets without contact. However, this is not the case because EviVault NFC HSM has several security mechanisms that prevent any attempt of physical or logical attack.

In this article, we will explain how EviCore NFC HSM can resist effectively to the attacks of pentest tools like Flipper Zero and how it protects your blockchain assets from end to end, focusing on the device level.

How EviCore NFC HSM protects and encrypts your secrets with a secure element

First of all, EviCore NFC HSM is a proprietary technology that uses an NFC HSM to store and protect your secrets. It uses a proprietary protocol called EVI (Encrypted Virtual Interface) based on the ISO 15693 standard (https://www.st.com/resource/en/datasheet/m24lr64e-r.pdf or (https://www.st.com/resource/en/datasheet/st25dv64kc.pdf).

EVI ensures the proper functioning of reading and writing encrypted secrets with an intelligent system of error monitoring for write errors or reading from the secure EEPROM memory. You can find more information about the security standards and algorithms used by EVI here: https://freemindtronic.com/evicore-nfc-hsm-security-information-standards-algorithms-regulatory.

Moreover, EviCore NFC HSM uses other specific encryption algorithms such as AES CTR SHA 256 bits to encrypt and protect your secrets by segmented keys. Meanwhile EVI protects the keys used to access the RF NFC memories with a very strong secret code via AES ECB 128. This secret code prevents unauthorized reading or modification of keys. EVI makes the NFC and RF memories safer to combat invasive or non-invasive attacks from pentest tools like Flipper Zero.

EviCore NFC HSM: a fortress for your secrets EviVault NFC HSM vs Pentester

The NFC HSM EviCore, developed by Freemindtronic, is a technology protected by three patents of invention in their implementation. It is incomparable. It uses its innovative Encrypted Virtual Interface (EVI) protocol to ensure unparalleled security of confidential data in the duel EviVault NFC HSM vs Flipper Zero. This technology, compliant with the ISO 15693 standard, constitutes a multi-layer defense for your information. Seamlessly integrated within it are advanced features such as encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting, and comprehensive black box management.

The Interaction between EVI and the NFC HSM: Securing Secrets in the EviVault NFC HSM vs Flipper Zero Duel

EVI, the Machine-to-Machine (MtoM) interface, collaborates with NFC HSM chips to ensure secure management of encrypted data read and write operations without risk of physical and digital errors. Thus, EVI monitors errors in reading/writing secure EEPROM memory through a sophisticated error tracking system that includes user errors of NFC HSM. In addition, it independently manages various cryptographic tasks such as encryption, decryption, signing, verification, and key generation of access codes to EEPROM memories. It thus strengthens the level of security, resilience and security of encrypted secrets. These are encrypted with other EviCore NFC HSM algorithms. This already constitutes two lines of defense against invasive or non-invasive attacks.

The Importance of External Elements in the EviVault NFC HSM vs Flipper Zero Duel

The encryption methodology of EviCore NFC HSM allows each segment to have a different physical origin in the duel EviVault NFC HSM vs Flipper Zero. This means that it can come from an external element to the NFC HSM, such as a geographic location and/or a password or fingerprint reading and/or a segmented QR code key exceeding 256 bits and/or BSSID and/or an NFC Android phone identifier. In fact, these elements serve as physical origin trust criteria, thus strengthening the validation process to access the secrets stored in the NFC HSM. Thus, this patented technology constitutes a third line of defense against various types of attacks, whether in proximity or at a distance, thanks in particular to encryption by encapsulations including these criteria freely defined by the user.

Superior Encryption and Deterrence against Unauthorized Access in the EviVault NFC HSM vs Flipper Zero Duel

Using high-quality encryption algorithms such as AES CTR SHA 256 bits considered post-quantum, the EviCore NFC HSM technology ensures that secrets remain inaccessible to unauthorized entities in the long term against pentest tools such as in the duel EviVault NFC HSM vs Flipper Zero. In addition, EVI protects the keys of NFC RF memories using AES ECB 128, preventing any unauthorized reading or modification. Thus, with this post-quantum encryption of secrets stored in the NFC HSM, it constitutes the fourth line of defense against attacks, especially invasive ones via pentest tools such as Flipper Zero.

Comprehensive Defense against Cyber Threats in the EviVault NFC HSM vs Flipper Zero Duel

EviCore NFC HSM provides a comprehensive defense strategy against both physical and logical attacks in the EviVault NFC HSM vs Flipper Zero duel. Its defenses include countermeasures against tampering, cloning, side-channel analysis, and reverse engineering. As the battle between EviVault NFC HSM and Flipper Zero intensifies, EviCore NFC HSM remains steadfast in protecting your secrets and ensuring a resilient defense against emerging cyber threats.

The EviCore NFC HSM technology operates without batteries and is activated on-demand, optimizing energy usage by leveraging the NFC signal of an Android phone. This unique feature not only showcases the system’s efficiency but also its environmentally friendly design. With EviCore NFC HSM technology, you get the peace of mind offered by patented and unparalleled security in the security and safety of sensitive data such as blockchain and cryptocurrency private keys in the face of perpetually evolving challenges via pentest tools that are freely accessible and very useful for testing, especially the duality EviVault NFC HSM vs Flipper Zero.

How Flipper Zero reads and emulates NFC cards

Flipper Zero has a Reading NFC cards function that allows it to read, save and emulate NFC cards. An NFC card is a transponder that operates at 13.56 MHz and has a unique number (UID) as well as a part of rewritable memory for storing data. Depending on the card type, memory can be segmented into sectors, pages, applications, etc. When near a reader, the NFC card transmits the requested data.

Flipper Zero can read different types of NFC cards according to their standard and protocol:

  • NFC cards type A: MIFARE Classic®, MIFARE Ultralight® & NTAG®, MIFARE® DESFire®
  • NFC cards type B: Calypso®, CEPAS
  • NFC cards type F: FeliCa™
  • NFC cards type V: ICODE® SLIX
  • Unknown cards: cards not recognized by Flipper Zero

Flipper Zero can also emulate NFC cards by using the data saved in its memory. To do this, you have to select a card from the Saved list then press Emulate. Flipper Zero will then behave like an NFC card and can communicate with a compatible reader.

Flipper Zero can therefore communicate with EviCore NFC HSM technology using the ISO 15693 standard which is supported by the ST25R3916 component it uses. However as we have seen previously this communication is limited and secured by EviVault NFC HSM protection mechanisms. Moreover Flipper Zero can emulate an ISO 15693 card even if the emulator has limitations. Indeed, the ST25R3916 component used by Flipper Zero allows emulation according to the ISO 15693 standard via RFLA (RF/NFC Abstraction Layer). However this emulation has limits to be able to test the NFC HSM of Freemindtronic. This excludes, for example, the possibility of testing the security and carrying out malicious attacks by emulating an ISO 15693 64Kb NFC chip used by the NFC HSMs used by the EviVault NFC HSM technology.

If you want to know more about Flipper Zero’s Reading NFC cards function and its emulation possibilities you can check out the following links:

Flipper Zero’s Capabilities and Limitations in Attacking EviVault NFC HSM

Flipper Zero’s Support of NFC-V Protocol and Emulation

A New Feature in Firmware 0.85.2

Flipper Zero is a multifunctional gadget for hackers that supports NFC technology. It can read, write, clone, and emulate NFC cards using a built-in 13.56 MHz NFC module. Flipper Zero uses a ST25R3916 NFC controller and a RFAL library to handle high-frequency protocols (NFC) and facilitate the development of NFC applications.

Flipper Zero supports the NFC-V (ISO15693) protocol since the firmware version 0.85.2. This protocol is used by some NFC tags, such as transport cards or electronic labels. With this feature, Flipper Zero can read and emulate these tags, which can be useful for testing their security or having fun with them.

The NFC-V protocol is a contactless protocol that operates at 13.56 MHz and allows data transfer at a distance of a few centimeters, with a maximum speed of 26.48 kbit/s. The NFC-V protocol is based on the ISO15693 standard, which defines the physical and logical characteristics of NFC tags. The NFC-V tags are recognized by the NFC Forum as type 5 tags.

To use the NFC-V protocol with Flipper Zero, you need to select the “NFC” option in the main menu, then choose the “NFC-V” mode. Then you need to bring the Flipper Zero close to an NFC-V tag to detect it and display its information. You can then choose to perform different actions on the tag, such as:

  • Read: to read the content of the tag and display it on the screen of Flipper Zero. The tag can contain up to 256 blocks of 4 bytes each.
  • Write: to write data on the tag, by choosing the page and the bytes to modify. The writing can be protected by a password.
  • Clone: to copy the content of the tag into the internal memory of Flipper Zero. Flipper Zero can store up to 8 cloned tags.
  • Emulate: to make the reader believe that Flipper Zero is the original tag. Flipper Zero can emulate any cloned tag.

A Potential Threat for EviVault NFC HSM

This feature also introduces a potential threat for EviVault NFC HSM, as Flipper Zero can now emulate an NFC-V card and try to access its data or functions. However, this threat is not very serious, as EviVault NFC HSM has strong security mechanisms that prevent unauthorized access or tampering.

EviVault NFC HSM is a hardware security module that uses NFC technology to store and manage cryptographic keys. It is designed to protect sensitive data and transactions from unauthorized access or tampering. It can be used as a secure element for authentication, encryption, digital signature, or blockchain applications.

EviVault NFC HSM uses encryption, authentication, protection against cloning and replay, and other techniques to ensure that only authorized devices can interact with it. Even if Flipper Zero can emulate an NFC-V card, it cannot decrypt or modify its data, nor perform any cryptographic operations on it.

Therefore, Flipper Zero’s support of NFC-V emulation does not compromise EviVault NFC HSM’s security or confidentiality.

Documentation

If you want to learn more about Flipper Zero’s support of NFC-V protocol and emulation, you can consult the following documentation:

Flipper Zero’s Lack of Support for Energy Harvesting and Password Protection

Two Features of M24LR64E-R and ST25DV64KC Chips

The M24LR64E-R and ST25DV64KC are dynamic NFC/RFID chips with 64-Kbit EEPROM, energy harvesting, I2C bus and RF ISO 15693 interface. They are used by Freemindtronic for their EviVault NFC HSM products. They have two features that Flipper Zero does not support: energy harvesting and password protection.

Energy harvesting is a function that allows the chip to harvest energy from the RF field and use it to power external components. This can be useful for low-power applications or battery-less devices. The chip has an analog pin for energy harvesting and four sink current configurable ranges.

Password protection is a function that allows the chip to protect its data from unauthorized access or modification by using passwords. The chip has three 64-bit passwords in RF mode and one 64-bit password in I2C mode. The passwords can be used to protect one to four configurable areas of memory in read and/or write mode.

Two Limitations for Flipper Zero in Attacking EviVault NFC HSM

Flipper Zero cannot take advantage of these two features for several reasons:

  • Flipper Zero cannot emulate a tag NFC 15693 with a memory of 64-Kbit, because it does not have enough internal memory to store the content of the tag. It cannot therefore pretend to be the original tag and try to access its data or functions.
  • Flipper Zero cannot clone a tag NFC 15693 with a memory of 64-Kbit, because it does not have enough internal memory to copy the content of the tag. It cannot therefore create a duplicate of the tag and modify it at will.
  • Flipper Zero cannot write on a tag NFC 15693 protected by a password, because it does not know the password. It cannot therefore modify the data of the tag or make them inaccessible.
  • Flipper Zero cannot benefit from the energy harvesting function of the M24LR64E-R and ST25DV64KC chips, because it does not have an analog pin to harvest energy. It cannot therefore power external components with the energy of the tag.

These limitations further reduce Flipper Zero’s capabilities in attacking EviVault NFC HSM. While Flipper Zero can interact with NFC-V devices used by NFC HSM, it cannot emulate them, clone them, write on them. EviVault NFC HSM’s robust security mechanisms ensure that Flipper Zero cannot compromise its security or confidentiality.

Documentation

If you want to learn more about the M24LR64E-R and ST25DV64KC chips and their features, you can consult the following documentation:

Conclusion

In this article, we analyzed how Flipper Zero can test the security of or attack EviVault NFC HSM technology through malicious use. This technology enables secure offline physical storage of blockchain private keys, cryptocurrency wallets, NFTs, and smart contracts. It uses EviCore NFC HSM technology that offers a high level of protection and encryption for your keys and secrets. It also works with Freemindtronic’s NFC HSM devices that are contactless devices that can store and use your cryptocurrency keys and secrets. Flipper Zero is a tool that can read, write, clone and emulate NFC cards using a built-in NFC module. It supports the NFC-V (ISO15693) protocol since June 2023, which allows it to interact with the M24LR64E-R and ST25DV64KC chips used by EviVault NFC HSM. However, Flipper Zero cannot compromise EviVault NFC HSM, because it has robust security mechanisms that prevent unauthorized access or modification of its data or functions. These mechanisms include encryption, authentication, protection against cloning and replay, energy harvesting and password protection. Therefore, EviVault NFC HSM is a reliable and innovative solution for offline storage and use of cryptocurrency keys without risk of hacking or loss.

It is understood that to perform this type of invasive or non-invasive proximity test or attack, you must first physically obtain an NFC HSM with blockchain or cryptocurrency private keys stored via EviVault NFC HSM.

Since it is not possible to emulate a NFC-V NFC HSM of 64 KB iso 15963. That it is not possible to guess the decryption keys encrypted in AES considered post-quantum. In addition, encryption keys are segmented to annoy blockchain and cryptocurrency privates. EviVAult NFC HSM technology allows you to securely store physical offline blockchain private keys as well as their public addresses and public keys. You can use them contactlessly on Android NFC phone or all computers such as Microsoft Windows, Linux and iOS Apple. It also protects them from environmental hazards by using NFC chips coated with defense-grade resin.

To acquire products using EviVault NFC HSM technology, simply check that the product includes this technology. If in doubt, contact Freemindtronic by clicking here.

Comparison table of EviVault NFC HSM and Flipper Zero features

It might be useful to add this table of main features of EviVault NFC HSM and Flipper Zero to show the communication links that allow Flipper Zero to communicate with EviCore NFC HSM technology. Here is the table formatted with the features of EviVault NFC HSM and Flipper Zero.

FeatureEviVault NFC HSMFlipper Zero
Encryption algorithmAES 256 bits and RSA 4096None
Authentication mechanismSegmented key with 9 trust criteriaNone
Protection against cloning and replayYesNo
Power security device and black boxYesNo
Wireless access control systemYesNo
Memory size64 KB EEPROM1024 KB Flash
Memory encryptionYesNo
Memory access lockoutYesNo
Frequencies below 1 MHz13.56 MHz ± 7 kHz13.56 MHz / 125 kHz (LF) and (HF)
NFC standard
  • ISO 15693 and compatible ISO 18000-3 mode 1
  • 423 kHz and 484 kHz
  • 53 kbit/s data rate
NFC-A / ISO14443A, NFC-B / ISO14443B, NFC-F / FeliCa™, NFC-V / ISO15693, NFC-A / ISO14443A, NFC-F / FeliCa™ in card emulation, compliant with MIFARE Classic®
Sub-GHz frequenciesNone315 MHz, 433 MHz, 868 MHz and 915 MHz
BluetoothYes: Protected by RSA 4096 for Freemindtronic’s Android NFC application and by AES-128 CBC from EviKeyboard BLEBluetooth LE 5.0
WifiYes: Protected by RSA 4096 for Freemindtronic’s Android NFC application and unique ECC key for one-time use with the NFC HSM Browser extensionYes, optional
Infrared transmitterNoneYes
RFID reader-emulatorNoneEM-4100 and HID Prox cards only
NFC reader-emulatorNoneYes, but without encryption or authentication
Anti-counterfeitingYes, by unique signature of 128 bits and access to segmented keyNone
iButton reader-emulatorNoneYes
GPIO connectorsNone18
Man-in-the-middle attack by intercepting the NFC signalSecureYes

Note that this table shows the differences between the features of EviVault NFC HSM and Flipper Zero when used to attack EviVault NFC HSM.

Articles, NFC HSM technology, Technical News

Digital signature: How Freemindtronic secures its software

Posted on by FMTAD
Digital Signature EV Code Signing Certificate from Freemindtronic SL Andorra
03
Jul

Digital signature by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

How Freemindtronic uses digital signature to secure its software

Digital security is the main focus of Freemindtronic. This innovative company offers software that use digital signature. This ensures their reliability and integrity. Some of these software are EviDNS and EviPC. They use NFC technology and asymmetric & symmetric cryptography. These techniques help to create, store and verify digital evidence. In this article, we will see the benefits of digital signature for users.

Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking
March 25, 2024
5Ghoul: 5G NR Attacks on Mobile Devices

2023 Articles Communications Cybersecurity Digital Security News Technical News

5Ghoul: 5G NR Attacks on Mobile Devices
December 29, 2023
Quantum computing RSA encryption

2023 Articles EviCore HSM OpenPGP Technology EviCore NFC HSM Technology NFC HSM technology Technical News Technologies

Quantum computing RSA encryption: a threat and a solution
November 12, 2023
Brute Force Attacks Cyber Attack Guide

Articles News Technical News

Brute Force Attacks: What They Are and How to Protect Yourself
November 1, 2023
Fingerprint Systems Really Secure - How to Protect Your Data and Identity

Articles Compagny spying DataShielder Digital Security Industrial spying Military spying NFC HSM technology Spying Technical News Zero trust

Are fingerprint systems really secure? How to protect your data and identity against BrutePrint
October 23, 2023
NFC HSM Devices and RSA 4096 encryption a new standard for cryptographic security serverless databaseless without database by EviCore NFC HSM from Freemindtronic Andorra

Articles Cyberculture NFC HSM technology Technical News

RSA Encryption: How the Marvin Attack Exposes a 25-Year-Old Flaw
October 3, 2023
NFC HSM USB drive SSH Contactless keys manager EviKey NFC & EviCore NFC HSM Compatible Technologies patented from Freemindtronic Andorra Made in France - JPG

2023 Articles EviKey & EviDisk EviKey NFC HSM News NFC HSM technology Technical News

How to secure your SSH key with NFC HSM USB Drive EviKey
September 16, 2023
EviVault NFC HSM and EviCore NFC HSM Embedded ISO 15693 VS Flipper Zero

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester
July 4, 2023

What is digital signature?

Digital signature is a process that allows to authenticate the origin and content of a document or a computer program. It relies on the use of a digital certificate, which attests to the identity of the signer, and a private key, which allows to encrypt the data. The private key is stored on a secure physical device, called USB token, which requires a PIN code to be activated. Thus, digital signature protects the private key from theft or loss.

Why choose EV Code Signing Certificate Highest level of Security?

Freemindtronic has chosen the EV Code Signing Certificate Highest level of Security, which is the highest level of security available on the market. This certificate has the following characteristics:

  • It complies with the authentication standards of the CA/Browser Forum and Microsoft specifications, which ensures compatibility with major browsers and operating systems.
  • It establishes the reputation of the signer in Windows 8.0 and later versions, Internet Explorer 9 and later versions, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter, which increases user confidence by displaying the identity of the signer before running applications.
  • It supports all major 32-bit/64-bit formats, such as Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications.
  • It includes a timestamp functionality, which allows to continue using signed applications even after the expiration of the signature certificate.
  • It comes with a free USB token with a 3-year certificate.

How does digital signature benefit users?

By using a high-level digital signature, Freemindtronic guarantees its customers the quality and security of its software, while distinguishing itself from its competitors in the digital security market. Users can enjoy the following benefits:

  • They can verify the authenticity and integrity of Freemindtronic software before installing or running it.
  • They can avoid warnings or errors from browsers or operating systems that may prevent them from using unsigned or poorly signed software.
  • They can trust that Freemindtronic software is free from malware or tampering that could compromise their data or devices.
  • They can access Freemindtronic software even if they are offline or if their internet connection is unstable.
BENEFITSDIGITAL SIGNATURE
Authenticity✔️
Integrity✔️
Reputation✔️
Compatibility✔️
Security✔️
Accessibility✔️

In conclusion, Freemindtronic is a leader in digital security solutions, such as EviDNS and SecureSafe360, which use NFC technology and asymmetric & symmetric cryptography to create, store and verify digital evidence. To ensure that its software is reliable and secure, Freemindtronic uses a high-level digital signature that complies with industry standards and specifications. Users can benefit from this signature by verifying the identity and content of Freemindtronic software before using it. They can also avoid potential problems caused by unsigned or poorly signed software. Finally, they can access Freemindtronic software even when they are not connected to the internet.

Articles, Cryptocurrency, Digital Security, Technical News

Securing IEO STO ICO IDO and INO: The Challenges and Solutions

Posted on by FMTAD
Securing IEO STO ICO IDO INO the challenges and solutions EviCore NFC HSM by Freemindtronic
14
Jun

  Securing IEO STO ICO IDO and INO by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Enhancing Security: Securing IEO STO ICO IDO and INO

Cryptocurrencies are digital assets that can be used to buy goods and services, invest in projects, or trade on online platforms. In this article, we will explore the importance of securing IEOs, STOs, ICOs, IDOs, and INOs and how you can protect your investments using EviCore NFC HSM technology.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
April 18, 2024
A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security
March 25, 2024
Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation
March 15, 2024
Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
March 10, 2024
PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints
February 22, 2024
A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks
February 10, 2024
Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
February 8, 2024

Discover our other articles on digital security

Securing IEO STO ICO IDO and INO: How to Protect Your Crypto Investments

Cryptocurrencies are digital assets that can be used to purchase goods and services, invest in projects, or trade on online platforms. They are built on blockchain technology, which is a decentralized system that records and verifies transactions without intermediaries. However, to securely and conveniently store your private keys and seed phrases, thus ensuring the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that stores your private keys and seed phrases. These pieces of data enable you to access and control your funds on the blockchain

But how can you securely and conveniently store your private keys and seed phrases in Securing IEO STO ICO IDO and INO? How can you prevent losing them or falling victim to hackers or scammers? And how can you participate in various forms of cryptocurrency crowdfunding, such as ICOs, IEOs, STOs, IDOs, and INOs, without risking your funds?

In this article, we will address these questions and explain how to protect your private keys and starter phrases using NFC (Near Field Communication) HSM. We will also compare different cryptocurrency crowdfunding models and show how to store your private keys and starter phrases with EviCore NFC HSM technology for each of these models.

By reading this article, you will learn:

  • What ICOs, IEOs, and STOs are and how to participate in Securing IEO STO ICO IDO and INO.
  • The significance of seed phrases and private keys in Securing IEO STO ICO IDO and INO.
  • The features and functionality of EviCore HSM technology in Securing IEO STO ICO IDO and INO.
  • How to securely store your seed phrases and private keys using EviCore NFC HSM technology across various use cases in Securing IEO STO ICO IDO and INO.

If you have an interest in cryptocurrencies and want to understand how to secure your funds with EviCore HSM technology in Securing IEO STO ICO IDO and INO, please continue reading!

What are ICOs, IEOs, STOs, IDOs and INOs?

Cryptocurrencies are virtual digital assets that rely on blockchain technology, a decentralized and encrypted ledger that records all transactions conducted on the network. Cryptocurrencies enable their user community to engage in transactions without the use of traditional currencies and also fund innovative projects through cryptocurrency fundraisers.

A cryptocurrency fundraiser involves issuing tokens in exchange for cryptocurrencies. Tokens are digital units that represent a right or value associated with the funded project. There are various types of cryptocurrency fundraisers based on factors such as the nature of the tokens issued, the platform used for transactions, the involvement of trusted third parties, and the level of regulatory oversight. Let’s take a closer look at the main types of cryptocurrency fundraisers in Securing IEO STO ICO IDO and INO:

ICO (Initial Coin Offering)

An ICO is a fundraising operation in which a company issues tokens that investors subscribe to mainly with cryptocurrencies. These tokens can have different functions, depending on the project funded:

  • Utility tokens, which give access to a service or a platform developed by the company.
  • Governance tokens, which allow holders to participate in the strategic decisions of the project.
  • Security tokens, which represent a share of the capital or the revenues of the company.

An ICO usually takes place in several stages:

  • The presale, where investors can buy the tokens at a discounted price, often with a minimum amount required.
  • The public sale, where the tokens are made available to the general public, often with a maximum amount to be raised.
  • The distribution, where the tokens are sent to investors on their wallets..

The advantages of an ICO for investors are:

  • The possibility to support innovative and promising projects.
  • The possibility to benefit from a high capital gain if the project succeeds and the value of the tokens increases.
  • The possibility to diversify your portfolio with digital assets.

The disadvantages of an ICO for investors are:

  • The risk of losing all or part of your investment if the project fails or if the tokens lose their value.
  • The risk of falling for a scam or a fraud, as ICOs are poorly regulated and controlled. The risk of not being able to resell your tokens easily, as there is not always a liquid secondary market.Depending on the country where the ICO takes place, there may be rules to follow, especially in terms of investor protection, anti-money laundering or taxation. Therefore, it is advisable to check the legal status and the compliance of the ICO before investing. Some countries have banned or restricted ICOs, while others have issued guidelines or regulations to ensure their transparency and security.

IEO (Initial Exchange Offering)

An IEO is a fundraising operation in which a company issues tokens on a cryptocurrency exchange platform. The exchange acts as an intermediary between the company and investors, providing security, liquidity, and visibility for the token sale. Investors can purchase tokens using cryptocurrencies or fiat money, depending on the exchange.

An IEO typically involves a single stage:

  • Public sale: Tokens are sold on the exchange platform within a limited time frame and at a fixed price.

Advantages of IEOs for investors include:

  • Enhanced security, liquidity, and visibility compared to ICOs.
  • Access to vetted and quality projects that have been approved by the exchange.
  • Ability to trade tokens immediately after the sale on the same exchange.

Disadvantages of IEOs for investors include:

  • Dependence on a centralized intermediary that controls the token sale process and charges fees.
  • Need to comply with stricter rules and regulations imposed by the exchange and jurisdiction.
  • Risk of missing out on opportunities due to high demand and limited token supply.

STO (Security Token Offering)

An STO is a fundraising operation in which a company issues tokens that represent securities, such as shares or bonds. These tokens are backed by real assets, and investors can purchase them using cryptocurrencies or fiat money, depending on the platform.

STOs typically involve one or more stages:

  • Private sale: Accredited investors can buy tokens at a discounted price, often with a minimum investment requirement.
  • Public sale: Qualified investors can purchase tokens at a fixed price, often with a maximum fundraising amount.

Advantages of STOs for investors include:

  • Opportunity to invest in regulated and compliant projects that offer legal protection and transparency.
  • Potential for real value and returns from the underlying assets of the company.
  • Access to new markets and opportunities that were previously reserved for institutional investors.

Disadvantages of STOs for investors include:

  • Need for accreditation or qualification based on strict criteria set by regulators and platforms.
  • Lack of liquidity and availability compared to utility tokens or cryptocurrencies.
  • Complexity and cost associated with issuing and managing security tokens on blockchain platforms.

IDO (Initial Dex Offering)

An IDO is a fundraising operation in which a company issues tokens on a decentralized protocol for exchanging cryptocurrencies, known as a DEX (Decentralized Exchange). Investors can purchase tokens directly on the DEX without going through a centralized platform or intermediary.

Advantages of IDOs for investors include:

  • Speed and simplicity of the process, as it does not require identity verification or prior fund deposits.
  • Transparency and security of transactions, as they are conducted on the blockchain without reliance on a trusted third party.
  • Liquidity and accessibility of tokens, which are immediately available on the secondary market and can be exchanged for other cryptocurrencies.

Disadvantages of IDOs for investors include:

  • Technical and operational risks associated with decentralized protocols that may have vulnerabilities or bugs.
  • Regulatory and legal risks due to the lack of a clear and harmonized legal framework for cryptocurrency fundraisers.
  • Volatility and speculation risks arising from high demand and limited token supply.

INO (Initial NFT Offering)

An INO is a fundraising operation in which a company issues non-fungible tokens, called NFTs (Non-Fungible Tokens). NFTs are unique and indivisible digital assets that can represent works of art, collectibles, virtual or real goods. Investors can purchase NFTs using cryptocurrencies on specialized platforms.

Advantages of INOs for investors include:

  • Support for creative and original projects that leverage the blockchain’s potential to create value.
  • Possibility to benefit from exclusive and inalienable ownership rights over NFTs, certified by the blockchain and immune to duplication or falsification.
  • Opportunity to resell NFTs on a growing and demanding secondary market.

Disadvantages of INOs for investors include:

  • Risk of overvaluation and speculative bubbles due to the current frenzy around NFTs and their artificial scarcity.
  • Potential for counterfeiting and plagiarism, as effective legal protection for copyrights and trademarks is lacking.
  • Environmental and ethical concerns related to the high energy consumption and negative externalities generated by the blockchain.

Comparison Table of Different Cryptocurrency Crowdfunding Models

Below is a comprehensive table comparing different crowdfunding models in cryptocurrency:

Crowdfunding modelDefinitionAdvantagesDisadvantages
ICOFundraising in cryptocurrency by issuing tokens that can have various functionsSupport innovative projects, benefit from high potential gain, diversify portfolioRisk losing investment, fall for scam, not be able to resell tokens easily, face regulatory uncertainty
IEOFundraising in cryptocurrency by issuing tokens on an exchange platform that acts as a trusted intermediaryBenefit from better security, liquidity and visibility than ICOs, access a wider pool of investors and projectsDepend on a centralized intermediary, pay higher fees, comply with stricter rules, face platform risk
STOFundraising in cryptocurrency by issuing tokens that represent securities such as shares or bondsInvest in regulated and compliant projects, benefit from real value and returns, access new markets and opportunities, reduce intermediation costsBe accredited or qualified, face lack of liquidity and availability, deal with complexity and cost, follow different regulations depending on jurisdictions
IDOFundraising in cryptocurrency by issuing tokens on a decentralized exchange protocol that eliminates intermediariesEnjoy speed and simplicity of the process, ensure transparency and security of transactions, access liquidity and accessibility of tokensFace technical and operational risk, cope with regulatory and legal risk, deal with volatility and speculation
INOFundraising in cryptocurrency by issuing non-fungible tokens that represent unique and indivisible digital assetsSupport creative and original projects, benefit from exclusive and inalienable ownership of NFTs, resell NFTs on a growing and demanding marketDeal with overvaluation and speculative bubble, encounter counterfeiting and plagiarism issues, consider environmental and ethical impact

Comprehensive Table of Blockchains Supporting ICOs, IEOs, STOs, IDOs, and INOs

Here is a table showcasing the support for ICOs, IEOs, STOs, IDOs, and INOs across different blockchains, focusing on Securing IEO STO ICO IDO and INO:

BlockchainICO supportIEO supportSTO supportIDO supportINO supportBIP32 supportBIP39 supportBIP44 support
EthereumYesYesYesYesYesYesYesYes
Binance Smart Chain (BSC)YesYesYesYesYesYesYesYes
Cardano (ADA)NoNoNoYesNoYesYesYes
Solana (SOL)YesYesNoNoNoYesNoYes
Avalanche (AVAX)YesYesYesNoNoYesYesNo
Cosmos (ATOM)YesYesYesYesYesYesYesNo
Algorand (ALGO)YesYesYesYesYesYesYesNo
Stellar (XLM)YesNoYesNoNoYesYesYes

What are seed phrases and private keys?

Seed phrases and private keys are essential for accessing and controlling your funds in cryptocurrency. If they are lost or stolen, you may permanently lose access to your cryptocurrencies.

Seed phrase

A seed phrase, also known as a secret phrase, is a sequence of words, typically consisting of 12 or 24 words, that allows you to restore your crypto wallet in case of loss or theft. These words are selected in a specific order from a dictionary containing thousands of words. The seed phrase is essentially a more human-readable representation of a private key and can generate an unlimited number of public-private key pairs.

The public key is the address to which you can receive cryptocurrencies on the blockchain, similar to an IBAN for a bank account. The private key enables you to control the funds associated with a public key and initiate transactions from that address. Public and private keys are always generated as pairs.

The seed phrase is crucial for accessing your wallet and funds, and it must be kept secure and confidential. If lost or stolen, there is no way to recover it or block access to your funds.

Private key

A private key is a string of random letters and numbers generated by your wallet when it is created. It is used for encrypting and decrypting data using public-key cryptography. The private key grants access to your funds and enables you to initiate transactions on the blockchain.

A private key looks like this: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

You should never share your private key with anyone or store it digitally or online. If your private key is lost or stolen, you will lose access to your funds permanently.

How to Secure Your Funds in Securing IEO STO ICO IDO and INO

To participate in an ICO, IEO, STO, IDO, or INO and ensure the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that is compatible with the tokens being issued and the accepted cryptocurrency. There are different types of wallets available, each offering varying levels of security and convenience.

Online Wallets (Web Wallets): These wallets are accessible through a web browser. While they are easy to use, they are susceptible to hacking and theft. It is important to choose a reputable and secure online wallet.

Mobile Wallets: These wallets are installed on smartphones and provide convenience for daily transactions. However, they are vulnerable to malware and the risk of losing the phone. Ensure you have proper security measures in place for your mobile wallet, such as enabling device passcodes and biometric authentication.

Software Wallets: These wallets are downloaded and installed on a computer. They offer greater security compared to online or mobile wallets, but their reliability depends on the security of the hardware and software. Keep your computer updated with the latest security patches and use reputable wallet software.

Hardware Wallets: These physical devices are specifically designed for storing private keys. They provide the highest level of security by isolating private keys from the internet. Hardware wallets, such as Ledger or Trezor, are recommended for secure storage of your private keys in Securing IEO STO ICO IDO and INO.

Regardless of the type of wallet you choose, there are some basic rules to follow to secure your funds in Securing IEO STO ICO IDO and INO:

  1. Never share your seed phrase or private key with anyone, and avoid storing them digitally or online.
  2. Make a backup copy of your seed phrase or private key on a physical medium such as paper, metal, or plastic. Store them in secure locations.
  3. Use a strong password and PIN code to protect your wallet from unauthorized access.
  4. Regularly update your wallet software to fix any bugs or vulnerabilities.
  5. Utilize reputable antivirus and firewall software to protect your device from malware and hackers.

By following these security practices, you can significantly reduce the risk of losing your funds and ensure the safety of your investments in Securing IEO STO ICO IDO and INO.

Now, let’s explore how you can enhance the security and simplicity of your cryptocurrency transactions by using EviCore NFC HSM technology.

EviCore NFC HSM is a solution that safeguards your seed phrases and private keys in cryptocurrency using Near Field Communication (NFC) technology. With EviCore NFC HSM, you can store your seed phrases and private keys in an encrypted NFC tag or card, protected by a segmented key. This tag or card allows you to restore your wallet on any NFC-compatible device without exposing your sensitive data to the internet.

EviCore NFC HSM is compatible with major cryptocurrency wallets such as Ledger, Trezor, Metamask, Trust Wallet, and more. It also works seamlessly with popular cryptocurrency exchange platforms like Binance, Coinbase, and Kraken. This ensures optimal security and ease of managing your funds in cryptocurrency.

Here’s a step-by-step guide on how to use EviCore NFC HSM to secure your seed phrases and private keys in cryptocurrency:

  1. Download the application that incorporates the EviCore NFC HSM technology on your NFC-compatible Android smartphone.
  2. Pair the NFC HSM device with your smartphone using the unique pairing key.
  3. Translate to English: Add the seed phrase by simply clicking on the multi-language BIP39 words provided during the creation of your secure cryptocurrency wallet, without typing anything on the keyboard, as EviCore NFC HSM performs real-time checksum verification of the seed phrase before securely encrypting and storing it in the NFC device.
  4. You can also add the private key derived from the seed phrase without entering or scanning its QR code through the Android NFC application, which will automatically encrypt and store it in the NFC device in less than 5 seconds. You just need to indicate beforehand which blockchain your derived key belongs to before the registration pro

By utilizing EviCore NFC HSM, you can secure your seed phrases and private keys with maximum security and unparalleled ease of use. You no longer need to worry about losing or having your sensitive data stolen, as you can store them in a physical device that can be carried with you wherever you go. Additionally, you can securely share your seed phrases and private keys with others using encrypted RSA-4096 public keys or segmented key authentication, making it easier to transmit funds to your heirs.

EviCore NFC HSM technology is the ideal solution for securing your seed phrases and private keys in cryptocurrency, enabling you to fully embrace the opportunities offered by cryptocurrencies while minimizing unnecessary risks. If you’re interested in this innovative solution, visit Freemindtronic’s website or contact them for more information.

Additionally, if you’re seeking an alternative method to secure your crypto fundraising, you may consider EviCore HSM OpenPGP technology. This technology transforms your Android or iPhone into a hardware security module (HSM) for encrypting and storing your crypto keys. It leverages the highly secure OpenPGP standard, known for its reliability and security. To learn more about this technology and how it can help you safely fund your blockchain project, you can refer to this article link

Conclusion

In this article, we have provided insights into participating in various forms of cryptocurrency crowdfunding, including ICOs, IEOs, STOs, IDOs, and INOs. We have emphasized the importance of securing your seed phrases and private keys in Securing IEO STO ICO IDO and INO and introduced EviCore NFC HSM technology as a solution. By adopting EviCore NFC HSM, you can enhance the security and simplicity of your cryptocurrency transactions while mitigating risks. We hope this article has been informative and valuable to you. Should you have any questions or comments, feel free to leave them below.

Thank you for reading, and happy investing in Securing IEO STO ICO IDO and INO!