SoylentNews is people

posted by janrinok on Wednesday November 12 2014, @12:02PM   Printer-friendly
from the 128-bit-fashion-accessory dept.

A Kickstarter project aims to give you a Bluetooth Low Energy-enabled wristband that replaces keys and passwords. Everykey ( http://everykey.com ) from the Cleveland, Ohio-based company of the same name, Everykey, is a fashionable band that can be instantly disabled if your Everykey ever gets lost or stolen. You call the team or go online to deactivate it. A message is immediately sent to all of your devices letting them know that they should not unlock for your wristband. The team would overnight you a new wristband at a discount. As the team says in their promotional video, it pretty much "unlocks your life." When the Everykey wristband is within range of a user's device, the wristband will allow the user to bypass that device's password or physically unlock it automatically. When the wristband is out of range, the device automatically re-enables security mechanisms.

They say their security is military-grade (Everykey uses AES 128-bit encryption), and they also highlight an "obsession with design and usability." Fashion, they said, was their "north star." Color options were selected to reflect a unique personality. The band has a silicon exterior with a lightweight metal skeleton. Everykey works with Mac OS 10.9 (Mavericks), Windows 8.1, and Android 4.4 (KitKat). They are currently developing support for jailbroken versions of iOS as well as Ubuntu 14+ (Linux). The circuit board is powered by their custom bent lithium-polymer battery. The team said that you would need to charge it about once a month. After the battery runs out, you can charge Everykey using an included Micro USB to USB cable.

http://phys.org/news/2014-11-wristband-encryption-grant-access-devices.html

[More Info]: http://www.prweb.com/releases/everykey/kickstarter/prweb12262874.htm

What does SN think about this project?

  • (Score: 3, Informative) by cyrano on Wednesday November 12 2014, @12:09PM

    by cyrano (1034) on Wednesday November 12 2014, @12:09PM (#115142) Homepage

    How's AES 128 even close to military grade encryption?

    --
    The quieter you become, the more you are able to hear. - Kali [kali.org]
    • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @01:10PM

      by Anonymous Coward on Wednesday November 12 2014, @01:10PM (#115158)

      I'm just going to assume that it runs systemd (what doesn't these days?!), and that's what makes it secure.

    • (Score: 2) by VLM on Wednesday November 12 2014, @01:18PM

      by VLM (445) on Wednesday November 12 2014, @01:18PM (#115162)

      I have enough microcontroller experience to know what I'm doing and know enough crypto to be really dangerous so in my infinite spare time I've been thinking of implementing my own "security dongle market clone number 35513153" which would use classic WWII enigma algo. I mean, technically, it is military grade, for god's sake half the planet was conquered by a military using that algo, so what could possibly go wrong? It would be a pretty good way to end up on hackaday. I'd probably hack together a horrific huge beast using arduino and shields rather than even trying to miniaturize. Primary problem is lack of spare time / better things to do. It wouldn't be very difficult. I'd probably do it the "wrong" way with regular high power bluetooth and a BT-serial instead of emulating a keyboard (because RFCOMM speaking breakout boards / shields are more common and cheaper than HID speakers, although I know HID speakers are available).

      TLDR is VLM wants to implement WW2 Enigma machine on an arduino and market it as "military grade encryption" as a stunt.

    • (Score: 2) by tempest on Wednesday November 12 2014, @02:08PM

      by tempest (3050) on Wednesday November 12 2014, @02:08PM (#115175)

      AES128 is considered sufficient for information classified as Secret by the NSA (with AES192/256 required for Top Secret), so I'd guess AES128 qualifies as "military grade".

    • (Score: 2) by Immerman on Wednesday November 12 2014, @03:46PM

      by Immerman (3985) on Wednesday November 12 2014, @03:46PM (#115217)

      Maybe they dropped a word? Should be "military approved security". For the masses obviously, one would hope the military uses better encryption for anything important.

  • (Score: 2) by VLM on Wednesday November 12 2014, @12:20PM

    by VLM (445) on Wednesday November 12 2014, @12:20PM (#115144)

    I can feel those overlapping corners digging into my wrist every time I bend it or swing my arm. ooooh. On the other hand, I could just stick the thing in a pocket or maybe around my ankle, my shoe would protect my foot, hopefully. I wonder if someone with very big hair could wrap a pony tail in it.

    I haven't worn something on my wrist since the 90s when I started carrying a phone instead of a watch, that alone is going to be weird.

    I have noticed an absolute blind fixation by wearable/carried designers that they "MUST" use a bracelet design because they have to copy every other wearable designer, which is pretty lame. Actual wearable / carried devices have the size and shape of a phone or pocketwatch or wallet. In the real world, not the "copy every other designer world", I would be much more likely to go wearable if the wearable was shaped like an old motorola startac or like my wallet but smaller or a cute little pocketwatch thing. Just make a case for a phone and be done with it.

    • (Score: 2) by WizardFusion on Wednesday November 12 2014, @12:24PM

      by WizardFusion (498) on Wednesday November 12 2014, @12:24PM (#115147) Journal

      Agreed. I have not worn a watch for quite some time. I am tempted by the new LG G Watch R however - that thing looks nice.

    • (Score: 2) by GreatAuntAnesthesia on Wednesday November 12 2014, @12:32PM

      by GreatAuntAnesthesia (3275) on Wednesday November 12 2014, @12:32PM (#115150) Journal

      Even better, put the hardware in as small a case as you can, and then sell a variety of different decorative pieces that the case will fit into - then you can have it as a colourful plastic wristband if that's what you want, or a neat digital watch, or a jewel-studded bracelet, or a mobile phone casing, or a brooch, or an anklet, hairband, pocketwatch, eyepatch, cockring, Tony-Stark-style glowing chest-implant or whatever your personal preference is. You could even try to sell multiple housings to each customer, so that the thing can be a different fashion accessory for different occasions.

      It strikes me as a fairly obvious missed business opportunity.

      • (Score: 2) by VLM on Wednesday November 12 2014, @01:11PM

        by VLM (445) on Wednesday November 12 2014, @01:11PM (#115159)

        How bout a hat? We know people will pay a lot of money for baseball caps and fedoras, so having a simple little "pin" that clips into a hat could sell.

        "I need to log into that Fedora server so I need to find and wear my fedora"

        Something to think about with phones is if it's an app the security would be worthless, you know the NSA/etc own it totally. However. If there was a SIM shaped standard that provided absolutely nothing but two connections, power and ground... Then you could swap it between phones, which would be cool, and it would "always" have power, and people would "always" know where their phone (thus key) is located...

  • (Score: 3, Insightful) by jackb_guppy on Wednesday November 12 2014, @01:04PM

    by jackb_guppy (3560) on Wednesday November 12 2014, @01:04PM (#115156)

    Nice idea, all your devices one with one key. One key to rule them all. Get for privacy, there is nothing stopping the police from using one piece of equipment to open the others. Also I assume they have all the keys also stored at central site.

    • (Score: 3, Insightful) by VLM on Wednesday November 12 2014, @01:27PM

      by VLM (445) on Wednesday November 12 2014, @01:27PM (#115163)

      I'd assume more, the kickstarter page doesn't comment about open or closed source and so far it only works on closed source or closed source compatible OS and there's a difference between open firmware and a mere open API so I think we can safely assume that 128 bits of ASCII "I'm a cop" instead of an AES128 key will magically bypass the works and unlock. Probably a lot more than one key and probably make it look like an accident. "Oh whoops whoever could have guessed if you pass it a 420 bit key accidentally instead of a 128 bit key that it smashes the stack and unlocks" "Oh whoops whoever could have guessed our PRNG has a bug so you have a key that is 128 bits long but only contains 16 bits of randomness, why how unexpected"

      Or more likely some MITM fun can be implemented. You try to unlock your phone to see that text message, oh that's funny it didn't work, try again and it works. The first time, you got MITM'd and someone had you unlock your bank account instead of your phone. Of course you'll be 100% liable for any losses because this is a secure unbreakable system and it would be a DMCA violation to even research it much less discuss or report on it. In fact thinking about vulnerabilities is in itself probably a thought crime, citizen, maybe you better turn yourself in.
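
An added example, not part of the comment above and not Everykey's code: a hypothetical challenge-response in which each device names itself and a fresh nonce in the message the wristband authenticates, and honours the deactivation message from the story. `Device`, `unlock_mac`, `band-1` and the message layout are assumptions, and HMAC-SHA256 stands in for the AES-based scheme, whose details the page does not give.

```python
import hashlib
import hmac
import secrets

def unlock_mac(key: bytes, device_id: str, nonce: bytes) -> bytes:
    # Hypothetical message layout; HMAC-SHA256 stands in for the AES-based
    # scheme, whose details the page does not give.
    msg = b"unlock|" + device_id.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Device:
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.paired = {}       # band_id -> shared key
        self.revoked = set()   # band_ids reported lost or stolen
        self._pending = None   # nonce of the outstanding challenge

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, band_id: str, response: bytes) -> bool:
        nonce, self._pending = self._pending, None  # each nonce is single use
        key = self.paired.get(band_id)
        if nonce is None or key is None or band_id in self.revoked:
            return False
        expected = unlock_mac(key, self.device_id, nonce)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    key = secrets.token_bytes(16)  # constructed 128-bit key held by the band
    phone, bank = Device("phone"), Device("bank-app")
    phone.paired["band-1"] = bank.paired["band-1"] = key
    # The wristband answers the phone's challenge, naming the phone in the MAC.
    resp = unlock_mac(key, "phone", phone.challenge())
    out = {"phone": phone.verify("band-1", resp)}
    phone.challenge()
    out["replayed"] = phone.verify("band-1", resp)    # stale nonce
    bank.challenge()
    out["redirected"] = bank.verify("band-1", resp)   # wrong device, wrong nonce
    phone.revoked.add("band-1")                       # deactivation message arrives
    fresh = unlock_mac(key, "phone", phone.challenge())
    out["revoked"] = phone.verify("band-1", fresh)
    return out

if __name__ == "__main__":
    print(demo())
```

Binding the response to the verifier and its nonce stops a captured response from being replayed or accepted by a different device; it does not stop a live relay of another device's own challenge to the wristband, which needs distance bounding or an explicit user confirmation.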

      • (Score: 2) by cyrano on Wednesday November 12 2014, @06:23PM

        by cyrano (1034) on Wednesday November 12 2014, @06:23PM (#115303) Homepage

        No Whoops at all...

        The flaws you mention have been demonstrated in 2009 and a more severe flaw in 2010, by one of the people who invented Rijndael, Vincent Rijmen:

        http://eprint.iacr.org/2010/337.pdf

        --
        The quieter you become, the more you are able to hear. - Kali [kali.org]
    • (Score: 2) by WillR on Wednesday November 12 2014, @02:17PM

      by WillR (2012) on Wednesday November 12 2014, @02:17PM (#115179)
      Passwords are stored on their server (encrypted, but by their software so no guarantees that's secure), there's a little more detail on the kickstarter page.

      Personally, I'm sticking with a keepass database synced to various devices with dropbox. At least that only leaks the time I last added/changed a password, not every time I use one.
  • (Score: 2) by marcello_dl on Wednesday November 12 2014, @07:45PM

    by marcello_dl (2685) on Wednesday November 12 2014, @07:45PM (#115329)

    > When the Everykey wristband is within range of a user's device, the wristband will allow the user to bypass that device's password

    Bringing the device near the owner unlocks it? Pranksters rejoice!

    • (Score: 2) by urza9814 on Thursday November 13 2014, @08:52PM

      by urza9814 (3954) on Thursday November 13 2014, @08:52PM (#115657) Journal

      Yeah...it protects only against people who have access to your device but no access to you or your life.

      It doesn't protect against your spouse, relatives, or prankster friends.
      It doesn't protect against police or government agents.
      It doesn't protect against a guy mugging you at gunpoint or breaking into your house.

      The only situation I can think of where it WOULD offer some protection is if you're one of those careless people who leaves your phone sitting in a taxi or something. Even a pickpocket might have time to disable this before you step out of range.

      I'll stick with my passwords, thanks. Sure, you could probably get it out of me with a $5 wrench, but at least it's unlikely that you'll get it without my knowledge. And it's very effective at blocking the more "casual" hacks.