what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Protectimus SLIM NFC Time Manipulation

Protectimus SLIM NFC Time Manipulation
Posted Jun 18, 2021
Authored by Matthias Deeg | Site syss.de

When analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg found out that the time used by the Protectimus SLIM TOTP hardware token can be set independently from the used seed value for generating time-based one-time passwords without requiring any authentication.

tags | advisory
advisories | CVE-2021-32033
SHA-256 | 18da959eb49ff3d5b8d29ab92f7247fff8490774b451cce50831a03dc291d6c0

Protectimus SLIM NFC Time Manipulation

Change Mirror Download
Advisory ID: SYSS-2021-007
Product: Protectimus SLIM NFC
Manufacturer: Protectimus
Affected Version(s): Hardware Scheme 70 / Software Version 10.01
Tested Version(s): Hardware Scheme 70 / Software Version 10.01
Vulnerability Type: External Control of System or Configuration Setting
(CWE-15)
"Time Traveler Attack"
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2021-02-04
Solution Date: -
Public Disclosure: 2021-06-16
CVE Reference: CVE-2021-32033
Author of Advisory: Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Protectimus SLIM NFC is a reprogrammable time-based one-time password
(TOTP) hardware token.

The manufacturer describes the product as follows (see [1]):

"
Protectimus SLIM mini is a new generation of reprogrammable TOTP
hardware tokens. They can be used in 2FA systems based on OATH
standards, and easily reflashed using an application installed on your
NFC-capable Android smartphone. It allows the user to determine the
OTP’s expires (30 or 60 seconds), and also set up a secret key.
"

Due to a design error, the time (internal real-time clock) of the
Protectimus SLIM TOTP hardware token can be set independently from the
used seed (secret key) for generating one-time passwords without any
required authentication.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg
found out that the time used by the Protectimus SLIM TOTP hardware token
can be set independently from the used seed value for generating
time-based one-time passwords without requiring any authentication.

Thus, an attacker with short-time physical access to a Protectimus SLIM
token can set the internal real-time clock (RTC) to the future,
generate one-time passwords, and reset the clock to the current time.

This allows for generating valid future time-based one-time passwords
without having further access to the hardware token.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

For demonstrating the time traveler attack exploiting the described
security vulnerability, Matthias Deeg developed a Lua script for the
Proxmark3 [2].

The following output exemplarily shows a successful attack for
generating a valid future one-time password for an attacker-chosen point
in time against a vulnerable Protectimus SLIM TOTP hardware token:

[usb] pm3 --> script run hf_14a_protectimus_nfc -t 2021-03-14T13:37:00+01:00
[+] executing lua
/home/matt/research/proxmark3/client/luascripts/hf_14a_protectimus_nfc.lua
[+] args '-t 2021-03-14T13:37:00+01:00'
[+] Found token with UID 3F10000323540E
[+] Set Unix time 1615725420
[!] Please power the token and press <ENTER>

[+] The future OTP on 2021-03-14T13:37:00+01:00 (1615725420) is 303831
[+] Set Unix time 1612451460

[+] finished hf_14a_protectimus_nfc


A SySS proof of concept video illustrating this security Vulnerability
is available on our SySS Pentest TV YouTube channel [5].

The developed Lua script for Proxmark3 is available on our GitHub
site [6].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

SySS is not aware of a solution for the described security issue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2021-02-04: Vulnerability reported to manufacturer
2021-02-04: Manufacturer acknowledges receipt of security advisory and
asks for further information
2021-02-05: SySS provides further information to manufacturer
2021-06-16: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Protectimus SLIM NFC
https://www.protectimus.com/protectimus-slim-mini/
[2] Proxmark3 GitHub repository by the RFID Research Group
https://github.com/RfidResearchGroup/proxmark3
[3] SySS Security Advisory SYSS-2021-007

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-007.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy
[5] SySS Proof of Concept Video: To the Future and Back - Attacking a
TOTP Hardware Token
https://www.youtube.com/watch?v=C0pM6TIyvXI
[6] Protectimus SLIM NFC Lua script for Proxmark3
https://github.com/SySS-Research/protectimus-slim-proxmark3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close