If security researchers claim that a software, hardware, device or anything which they develop is unhackable, they call themselves in for a challenge. In a latest revelation, a U.K.-based cybersecurity company, Pen Test Partners’ researcher David Lodge has discovered that eyeDisk is anything but unhackable.
Also Read: Did you know that Facebook employees can access your account without password?
eyeDisk and the research
Essentially, eyeDisk is a secured USB flash drive which uses iris recognition to decrypt and unlock the device. Last year during its Kickstarter campaign, eyeDisk raised over colossal $21,000. Moreover, it also started to ship the flash drives in March.
However, there is only one ambiguity which is that eyeDisk is still hackable even after claims that it is not.
David Lodge in his detailed findings discovered that the drive’s backup password is not something which cannot be obtained. He said that the password could be attained via using a software tool which will ultimately help in snuffling USB device traffic.
In his detailed blog post, David penned:
“That string in red, that’s the password I set on the device. In the clear. Across an easy to sniff bus”
Not only that, another worst case scenario is that if the correct password is erroneously entered then the eyeDisk’s real password can be easily picked up. David further wrote about it:
“As the device revealing its password first, then validating it against whatever password the user submitted before the unlock password is sent”
David was of the view that anyone who uses eyeDisk should also use an extra encryption on the device. As a result, it will help the individual in securing the drive which could be hacked quite easily.
Pen Test Partners’ researcher also revealed this imperfection to eyeDisk and they assured to solve this very problem. However, the problem is not yet fixed and the firm is yet to make a comment so far about it.