Victorinox offers hackers £100,000 challenge Swiss Army Knife maker Victorinox is asking the best of Britain's hackers to try and beat the biometric security built into its latest USB Flash drive-fitted penknife. If you manage it, you stand to win £100,000. The company will be holding trials at its New Bond Street, London shop this coming Thursday and Friday, 25 and 26 …
..are we talking deletion of files, or are we talking a full-on EMP pulse to the electronic brain of the device? Only I can see that being a bit of a problem if you stick the thing in a computer and your webmail provider just happens to be offline at the time.
Still, could be useful for certain government employees who have a habit of leaving things on trains.
It's less than 3" AND non-locking. Unless you have a specific reason. (Per S.139, CJA 1989 and subsequent case law (Ignorance being no defence before the bar, and all that... (Also, IA very much NAL, but that's what it said last time I looked))
So, yes, the Swiss Army Knife is fine.
/coat. 'Yes, Officer - I do have something sharp on me'...
Gets access to the internet connection? It's a USB drive.
I bet it's using autorun and a windows.exe - trivially defeatable. Plug it into a mac, for example.
Assuming it has some kind of encrypted partition it would take some time to reverse engineer from the supplied software - maybe more than 2 hours (depending on how good it is) - but given that the both the decryption software and the key are on the drive.. not that hard.
firstly, it gets access to the net from the pc it gets plugged into.... if it's online of course.
victorinox would be utterly retarded to even consider *not* encrypting it. and even more retarded for thinking of using windows.
my bet is, they have an embedded linux kernel on it, and a most definitely encrypted partition.
so it will run itself, and determine whether or not to nuke itself without the need for a certain type of OS on the host computer. that's the only way I see it working as they claim it does.
just one thing, why would it be easy to decrypt an encrypted drive?
the software won't be able to decrypt the drive. you have to give the *device* a fingerprint reading to decrypt it, or a password, not the supplied software. again, mostly betting.
If some guy wins the hundred grand by reverse engineering victorinox's windows software in under 2 hours I'll admit youre right.
in conclusion, sir, i call bullshit.
The terms of the competition are cunning enough that they're protected by the law of averages.
You get to keep the device whatever happens, so there is no disincentive to stop non-hackers turning up. This will effectively crowd out the hardcore crackers, who would have been hampered by the unrealistic restrictions. Real-world hackers get more than two hours, and clearly don't play within the law, after all.
It also seems to prohibit offering a judge 50k to swipe his/her finger over the print.
The print reader does seem to be the standard line-scanner type, so copying finger prints seems trivial in a practical situation, seeing how many nice shiny flat surfaces are available, should you 'find' such a knife.
Give them 2 hrs + 2hrs travelling time to take the device away and hack it. 2h in a store under controlled conditions - unrealistic. 2h is artificial as well, 2 days is more realistic (i.e. time to locate and recover a stolen item).
They won't sell many - try getting on a plane with this...
1. Tell the police that you think a someone in the Victorinox shop had a memory stick with some animal porn on (of it might have just been the sugar puffs honey monster, it wasn't clear)
2.Police come in and force the decryption under Part III of the Regulation of Investigatory Powers Act
3.???
4.Profit
Only hard part is timing it correctly so end of the maximum allowed RIPA time falls within the 2 hour window.
In all seriousness the competition is a bit of a joke, fingerprint scanners can be quite susceptible to fake fingerprints made from a print of the original fingerprint (something fairly easy to pick up in real life but there is no chance of Victorinox providing one).
Mines the one with nitric acid and a microscope in the pocket.
use the knife attached to the usb drive to hack off the finger or thumb that has the key. if you're in a rush just take both hands.
every time somebody shows me biometrics i ask them to google
malaysia machete mercedes
which leads to a grisly story of a man who can only count to nine after robbers took his 'key'.
or if you want hi tech then the german chaos computer club who copied and published Wolfgang Schauble's fingerprint. so if he ever uses his fingerprint for security again it can be accessed by anybody with a little knowhow.
http://www.bkcg.co.uk/guide/law.html
contains all the relevant links.
on the Victorinox website Both secure flash knives (8 & 16 GB) are 5.8 cm in length (2.3" ) so i guess the blade on it is about 2 inches falling within the legal requirements of maximum of 3 or less inches (not 3.5). Location is also important concerning whether your are breaking the law regardless of the length when carrying any item that could be used as an offensive weapon.
http://www.victorinox.com/product/1/100/1007/4.6026.TG16F
On a distant Desert island...."No worries! i downloaded a Ray Mears survival guide to my Swiss army novelty knife..we're saved! all we need now is a laptop."
So you plug it into someone's PC forgetting about the self-destruct. But he's not got an internet connection. What now? Immediate wipe? Grace period?
The "unknown computer" thing is stupid -- if I want to restrict my data to a single "known good" computer, well I'll use the hard drive in my "known good" computer.
And if I was a data courier transferring secure data between two "known good" computers, I don't think I'd need a pen knife. No-one who genuinely needs this level of data security wants it in a penknife.
It's just cynical headline fodder.
anyone for ka-bar?
this knife is for loosing it in a train (no protection): http://www.chinawholesalegift.com/Electric-Gifts/USB-Memory-Stick/Swiss-Series-USB-Flash-Disk/Swiss-Army-Knife-USB-Flash-Drive-23162482.htm ;
and this one is either for the complete pacifists or for the province of Cognac' occupational forces: http://www.ahajokes.com/crt919.html .
You travel to a country like the States, they take the drive away from you to inspect it, but of course, you are not given access to a computer, so can't reply to the e-mail, and your data is wiped. Never mind that the computer that the drive is inspected on may block unauthorized e-mails or in fact not even be connected to the Internet in the first place. How clever.
OK, OK, I'm leaving now.
Why?? I mean, seriously, WHY.
Its a knife, a tool to remove stones from horses hooves, to trim my nails, tighten the screws on my glasses, why in the name of all thats holy do i want a usb drive on it??? A torch, now thats a useful addition, a compass, pen, tooth pick, saw, tweezers (see the pattern?) a usb drive???? eh???? Swiss are fucked......
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
