iKey 1000 Administrator Access

Rainbow Technologies' iKey 1000 is a portable USB device providing authentication and digital storage of passwords, cryptographic keys, credentials, or other data. Administrator access to the iKey 1000 is provided with the MKEY (Master Key) password and allows device initialization, configuration, and access to all data stored on the key.

Using any industry-standard device programmer, the MKEY value can be recovered or changed to a new user-defined value. This allows an attacker to log in to the iKey 1000 with administrator privileges and access all public and private data. The attack requires physical access to the device circuit board, which can be gained in under 30 seconds with no special tools and without leaving evidence of the attack.

iKey 1000 devices created after November 1999 have been updated to prevent these attacks.

Platforms: Rainbow Technologies' iKey 1000 (old revision) USB Hardware Token
Severity: An attacker can log in as administrator and access all private information stored on the device without detection by the legitimate user.

Security Advisory: iKey 1000 Administrator Access and Data Compromise

iSpy is a password recovery and data extraction tool for Rainbow Technologies' iKey 1000 (old revision) USB authentication tokens. It allows quick extraction of all private, public, and configuration data from the key after a successful login using the retrieved 8-byte obfuscated MKEY value.

Platforms: Win 98/NT

Tool: iSpy

Originally published as an @stake Security Advisory.