Discover Cyber-Attack Remediation Tactics at SANS Seattle. Save $350 thru 2/20.

Paris 2017

Paris, France | Mon, Jun 26, 2017 - Sat, Jul 1, 2017
This event is over,
but there are more training opportunities.

Secrets in Soft Token

  • Mouad Abouhali
  • Tuesday, June 27th, 6:00pm - 7:00pm

Nowadays, many companies tend to deploy two factors authentication means to remotely access their infrastructure. Lately, the use of Soft Token applications instead of Hardware tokens seduces more and more, especially in regards to financial aspects (deployment and maintenance costs).

Mouad will present a security study of the Android version of HID Soft Token application (HID Global). This study covers the mechanisms that are used by the application to protect the main functional processing as generating encryptions keys, OTP keys, etc. Besides, the study lays the groundwork for shedding light on two vulnerabilities that affect the application.

Indeed, the cryptographic operations that are implemented by the application suffer from a certain weaknesses that allow an attacker (under certain circumstances) to retrieve the main resources of an enrolled HID Soft Token application that belongs to a legitimate user, clone its configuration and particularly discover the victim‚s PIN by the means of a brute force attack.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, June 26
Session Speaker Time Type
Cyber Risks to Critical Infrastructure Systems Mark Bristow Monday, June 26th, 6:00pm - 7:00pm SANS@Night
An Introduction to Online Malware Hunting Erik Van Buggenhout Monday, June 26th, 7:00pm - 8:00pm SANS@Night
Tuesday, June 27
Session Speaker Time Type
Secrets in Soft Token Mouad Abouhali Tuesday, June 27th, 6:00pm - 7:00pm SANS@Night
The Real CSI Jason Jordaan Tuesday, June 27th, 7:00pm - 8:00pm SANS@Night