bit-tech.net

Victorinox launches hacker challenge

Victorinox launches hacker challenge

The Victorinox Secure penknife includes a biometric scanner for the USB drive - and a £100,000 prize if you can break into it.

Victorinox is so convinced that its latest biometric-secured flash drive – included as part of its top-end range of penknives – is secure, it's offering £100,000 to any enterprising hacker or cracker who can break into it.

As reported over on The Register, the company is holding the competition at its New Bond Street store in London on Thursday the 25th and Friday the 26th of March.

The competition is looking to drum up interest in the company's latest Swiss Army knives, which feature an in-built USB flash drive with integral fingerprint scanner. If you don't swipe the right print, the device not only refuses to mount the drive but also e-mails its owner – and if no response is received within a certain time period, it automatically deletes the contents of the drive.

Those wishing to participate are encouraged to fill in the competition application form. While not all that do will be selected to participate, those lucky few – the competition is limited to 24 entrants - who are will find themselves in for a treat: as well as a two-hour window to attempt to break the biometric-based security system on the drive in order to get their hands on the £100,000 top price, participants will get a Cybertool Lite penknife whether they are successful or not.

A successful crack is defined by Victorinox as reading a file stored in the secure partition “in plaintext” without using the original password or fingerprint, and recording the attempt in such a way that Victorinox would be able to repeat the feat – and, more importantly, fix the flaw and improve the security of the device.

Any budding hackers fancy their chances at the £100,000 top prize, or are you tempted to enter simply to get your hands on the free penknife? Share your thoughts over in the forums.

18 Comments

Discuss in the forums Reply
mi1ez 23rd March 2010, 10:07 Quote
Sod the contest, I know what my next pendrive will be!
rickysio 23rd March 2010, 10:15 Quote
Too bad you can't crack the biometric instead - channelling MythBusters, all you need is tape.
liratheal 23rd March 2010, 10:37 Quote
I'll be interested to see how this goes.

Wish I was any where near good enough to bother applying!
Omnituens 23rd March 2010, 10:47 Quote
If I lived close enough, I'd sign up just for a laugh.
crazyceo 23rd March 2010, 11:28 Quote
Quote:
Originally Posted by rickysio
Too bad you can't crack the biometric instead - channelling MythBusters, all you need is tape.

Right you are! I'm heading over to Discovery on demand to see if that one is available. If my memory is correct, they went really advanced to crack the Microsoft fingerprint reader and really had to go over the top to do it using jelly mold fingertips with heating and a secret portion not shown on telly. However, the uncrackable $600 door lock was done with a photocopy of the finger print!

Since we can't use the original fingerprint, maybe all that is pointless?
sicone 23rd March 2010, 11:33 Quote
Hmmm, the store is a 5min walk from my work so I may have to pop in during my lunch break and watch
JrRRr 23rd March 2010, 11:49 Quote
Original PR-stunt. Makes me wanna buy one..
Bauul 23rd March 2010, 12:15 Quote
Sounds like the real weak point in the system, obtaining a copy of the original finger-print, has been excluded from the scope of the task. Still be interested to see if anyone can do it.
DeathAwaitsU 23rd March 2010, 12:42 Quote
I smell a set-up tbh. 24 people that will be "selected"
How much you willing to bet that anyone that has the actual status of hacker wont be "selected" for this challenge
Matticus 23rd March 2010, 15:02 Quote
Quote:
Originally Posted by DeathAwaitsU
I smell a set-up tbh. 24 people that will be "selected"
How much you willing to bet that anyone that has the actual status of hacker wont be "selected" for this challenge

What would be the point in that? The idea of competitions like this and white hat hacking in general is to show up flaws in the system, and the best people at this are hardcore hackers.

Many hackers get offered jobs after successful high profile hacks.
Mighty Yoshimi 23rd March 2010, 16:23 Quote
This is great. Carry your encrypted data around with you in the form of a knife. Then if you get stopped and searched by the police then you get in trouble. At least that's how they're trying to make it!

In the UK anyway!
Volund 23rd March 2010, 16:27 Quote
don't like the knife... but loving the USB key :D
Fordy 23rd March 2010, 18:52 Quote
Quote:
Originally Posted by Mighty Yoshimi
This is great. Carry your encrypted data around with you in the form of a knife. Then if you get stopped and searched by the police then you get in trouble. At least that's how they're trying to make it!

In the UK anyway!

Police won't confiscate a Victorinox, or other multitool.

It has obvious purpose. In the UK, you can carry any <3.5" blade excluding locking or flick blades.

Any length or type may be carried if concealed with good verifiable reason. (Ie. I'm a member of a hunting club, heres the number. Or I'm a Scout Leader, hence the wonky uniform)


But anyway, on topic, surely the best way to crack it is to desolder the memory chip, and fit it to a pre-made sans hardware encryption reader?

Doesn't say anything about that being disallowed. Feel free to try to implement that master plan anyone - I won't be able to make it there. But if you win, your welcome to my PayPal ;)

(Unless, of course i consider your hacking skill to be upto the task of fauxing PP...)
Saivert 23rd March 2010, 19:19 Quote
since you swipe the finger, there is not much of a print remaining on the plate is it?
something else with those "press finger against surface" type of devices.
And I know a print can remain even after cleaning the surface. Forensics sure have lifted prints from cleaned surfaces before. Of course depends on how good of a cleaner you are.
g3n3tiX 23rd March 2010, 21:28 Quote
I see no mention of encryption anywhere, just lock and delete.
Just piggyback off the NAND flash and off you go.
Of course, if it's encrypted, it's slightly more difficult...
ch424 23rd March 2010, 21:44 Quote
Surely it's pretty trivial to fake an email response saying everything's fine?
cgthomas 23rd March 2010, 23:34 Quote
I can decrypt windows passwords with a calculator, will that qualify me to take part?
DeathAwaitsU 24th March 2010, 00:27 Quote
Quote:
Originally Posted by Matticus
What would be the point in that? The idea of competitions like this and white hat hacking in general is to show up flaws in the system, and the best people at this are hardcore hackers.

Many hackers get offered jobs after successful high profile hacks.

The point would be its a pr stunt and no company wants to give away 100k tbh. How can you think otherwise, considering they are only allowing 24 people that they "select"
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums