To the Future and Back: Hacking a TOTP Hardware Token (Protectimus SLIM NFC)

In this PoC video, SySS IT security expert Matthias Deeg demonstrates a "time traveler attack" against the vulnerable TOTP hardware token Protectimus SLIM NFC.

Due to a design error, the time (internal real-time clock) of the Protectimus SLIM NFC TOTP hardware token can be set independently of the cryptographic secret (seed value) used for generating one-time passwords (OTPs), without any authentication being required.

This enables an attacker with brief physical access to a Protectimus SLIM NFC token to set the internal real-time clock to the future, generate one-time passwords at will, and afterwards reset the clock to the current time.

This allows for generating valid future time-based one-time passwords without having further access to the hardware token.
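The design issue described above can be modelled in a few lines. This is an added example, not code from the video or from SySS: `totp` follows RFC 6238, while the `Token` class, its `bind_clock_to_seed` switch (an assumed mitigation in which the clock can only change together with the seed) and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on seed and time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Token:
    """Toy model of a hardware token (hypothetical, not vendor firmware)."""
    def __init__(self, seed, clock, bind_clock_to_seed):
        self.seed, self.clock = seed, clock
        self.bind_clock_to_seed = bind_clock_to_seed

    def set_time(self, new_time, new_seed=None):
        # Assumed mitigation: a clock change is only possible together with
        # a new seed, so it always invalidates the enrolled secret.
        if self.bind_clock_to_seed:
            if new_seed is None:
                raise PermissionError("clock change requires re-seeding")
            self.seed = new_seed
        self.clock = new_time

    def display(self):
        return totp(self.seed, self.clock)

def server_accepts(enrolled_seed, code, server_time):
    """Verifier side: recompute the code for its own clock and compare."""
    return hmac.compare_digest(totp(enrolled_seed, server_time), code)

def future_code_valid(bind_clock_to_seed):
    """True if a code read after a clock change verifies once that time arrives."""
    seed = b"12345678901234567890"                 # RFC 6238 test seed
    now, later = 1_700_000_000, 1_700_604_800      # constructed: later = now + 7 days
    token = Token(seed, now, bind_clock_to_seed)
    try:
        token.set_time(later)      # clock moved without touching the seed
        code = token.display()
        token.set_time(now)        # clock restored, token looks unchanged
    except PermissionError:
        return False               # hardened design refuses the clock change
    return server_accepts(seed, code, later)
```

The verifier cannot tell such a code from a legitimate one, because the seed is unchanged and the time step matches; the distinction has to be enforced on the token, where the clock is set.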

The referenced paper titled "On the Security of TOTP Hardware Tokens" written by Matthias Deeg and Gerhard Klostermeier is available at [3].

And do not forget to check out our new Tech Blog [4].

[1] SySS Security Advisory SYSS-2021-007
https://www.syss.de/fileadmin/dokumen...

[2] Protectimus SLIM NFC Lua script for Proxmark3
https://github.com/SySS-Research/prot...

[3] On the Security of RFID-based TOTP Hardware Tokens
https://www.syss.de/fileadmin/dokumen...

[4] https://blog.syss.com/

#totp #security #vulnerability
