iKey 1000 Allows Administrative and Data Access
Reported July 20, 2000 by @Stake

VERSIONS AFFECTED
Rainbow Technologies iKey 1000

DESCRIPTION

By physically accessing the iKey 1000 hardware device, its tamper-proof mechanisms can be bypassed, providing access to the Master Key (MKEY), which is normally used for administrator-level access. With a standard device programmer, the MKEY can be reset to a known value, after which the iKey can be used to gain unauthorized access to data.

VENDOR RESPONSE

Rainbow Technologies responded promptly with a press release in which the company's chief technology officer stated, "Rainbow has made a corporate commitment to achieve FIPS 140-1 physical security validation on certain models of iKey this year and are committed to the Common Criteria security evaluation process." Rainbow also offers the iKey 2000, a physically secure token for B2B, enterprise security and other sophisticated PKI applications.

Users are urged to protect against unauthorized physical access to their hardware-based security devices in an effort to prevent such tampering.  

CREDIT
Discovered by @Stake