SoylentNews is people
SoylentNews
A Kickstarter project aims to give you a Bluetooth Low Energy-enabled wristband that replaces keys and passwords. Everykey ( http://everykey.com ) from the Cleveland, Ohio-based company of the same name, Everykey, is a fashionable band that can be instantly disabled if your Everykey ever gets lost or stolen. You call the team or go online to deactivate it. A message is immediately sent to all of your devices letting them know that they should not unlock for your wristband. The team would overnight you a new wristband at a discount. As the team says in their promotional video, it pretty much "unlocks your life." When the Everykey wristband is within range of a user's device, the wristband will allow the user to bypass that device's password or physically unlock it automatically. When the wristband is out of range, the device automatically re-enables security mechanisms.
They say their security is military-grade. (Everykey uses AES 128-bit encryption), and they also highlight an "obsession with design and usability." Fashion, they said, was their "north star." Color options were selected to reflect a unique personality. The band has a silicon exterior with a lightweight metal skeleton. Everykey works with Mac OS 10.9 (Mavericks), Windows 8.1, and Android 4.4 (KitKat). They are currently developing support for jailbroken versions of iOS as well as Ubuntu 14+ (Linux). The circuit board is powered by their custom bent lithium-polymer battery. The team said that you would need to charge it about once a month. After the battery runs out, you can charge Everykey using an included Micro USB to USB cable.
http://phys.org/news/2014-11-wristband-encryption-grant-access-devices.html
[More Info]: http://www.prweb.com/releases/everykey/kickstarter/prweb12262874.htm
What does SN think about this project ?
(Score: 3, Insightful) by VLM on Wednesday November 12 2014, @01:27PM
I'd assume more, the kickstarter page doesn't comment about open or closed source and so far it only works on closed source or closed source compatible OS and there's a difference between open firmware and a mere open API so I think we can safely assume that 128 bits of ASCII "I'm a cop" instead of an AES128 key will magically bypass the works and unlock. Probably a lot more than one key and probably make it look like an accident. "Oh whoops who ever could have guessed if you pass it a 420 bit key accidentally instead of a 128 bit key that it smashes the stack and unlocks" "Oh whoops who ever could have guessed out PRNG has a bug so you have a key that is 128 bits long but only contains 16 bits of randomness, why how unexpected"
Or more likely some MITM fun can be implemented. You try to unlock your phone to see that text message, oh thats funny it didn't work, try again and it works. The first time, you got MITM'd and someone had you unlock your bank account instead of your phone. Of course you'll be 100% liable for any losses because this is a secure unbreakable system and it would be a DMCA violation to even research it much less discuss or report on it. In fact thinking about vulnerabilities is in itself probably a thought crime, citizen, maybe you better turn yourself in.
(Score: 2) by cyrano on Wednesday November 12 2014, @06:23PM
No Whoops at all...
The flaws you mention have been demonstrated in 2009 and a more severe flaw in 2010, by one of the people who invented Rijndael, Vincent Rijmen:
http://eprint.iacr.org/2010/337.pdf
The quieter you become, the more you are able to hear. - Kali [kali.org]