RSA SecurIDs Get Cracked In 13 Minutes By Computer Scientists

Posted Jun 26, 2012

Major corporations, government agencies, and small businesses all hand out RSA SecurID fob keychains to employees so that they can log in to their systems for security reasons. The security number on the fob keychain constantly change to make cracking into computers difficult. Several computer scientists said that they have no figured out how to extract the key from the RSA tokens in as little as 13 minutes. The scientists call themselves Team Prosecco. Prosecco cracked the SecurID 800 and other tools produced by other companies. They published what they found in a research paper and it will be presented at a cryptography conference in August.

RSA Security is a division of data storage company EMC. They are one of the largest manufacturers of security ID fobs. RSA spokesman Kevin Kempskie said that their own computer scientists are determining whether the research by Prosecco is valid.

?RSA takes these kinds of research reports seriously,? said Kempskie in an e-mail interview with The New York Times. ?If there is a potential serious security vulnerability or threat to our customers, RSA will move quickly to address it.?

This is not the first time that the RSA SecurIDs have been hacked. In March 2011, RSA said that hackers breached its data protection. A few months after that, Lockheed Martin said that their computer network had been hacked.

Some cryptographers believe that the standards used by these encryption tools are obsolete and are vulnerable to attacks. Prosecco was able to crack the RSA token in 13 minutes, a Siemens device in 22 minutes, and a Gemalto device in 92 minutes.