SoylentNews is people

Punching Holes in nomx, the World's “Most Secure” Communications Protocol

Accepted submission by Fnord666 at 2017-04-28 16:31:01
Security

Scott Helme takes a look at the nomx device, billed as "The world's most secure communications protocol...", and reports some very interesting results.

I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyze a device that had quite a lot of people all excited. With slick marketing, catchy tag lines and some pretty bold claims about its security, nomx claims to have cracked e-mail security once and for all. Down the rabbit hole we go!

[...] Now, as soon as I looked at this device I already had a really bad feeling. First of all, through the vent holes on the top I could see that the PCB inside took up about 25 percent of the footprint of the device; the case was considerably larger than the PCB inside it, which seemed odd. Second, the MAC address on the bottom looked familiar, really familiar. Putting that little thought to the back of my mind, I cracked open the case by removing the standard screws in the bottom to confirm my initial suspicion.

Turns out that MAC address was really familiar because the prefix is from the Raspberry Pi Foundation. They own the B8-27-EB assignment, which you can search for on the IEEE site. Select 'MAC Address Block Large (MA-L)' from the drop-down menu and filter on 'Raspberry.'

Source:
https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/ [arstechnica.com]
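The prefix check described in the excerpt can be scripted for asset inventory. The following is an added example, not code from the submission or the quoted article: it assumes the column layout of the IEEE MA-L CSV export, uses a constructed one-row registry (only the B8-27-EB assignment comes from the article), and the function names are hypothetical.

```python
import csv
import io
import re

# Constructed sample in the assumed column layout of the IEEE MA-L CSV export.
# Only the B8-27-EB assignment comes from the article; the address is a placeholder.
SAMPLE_REGISTRY_CSV = """Registry,Assignment,Organization Name,Organization Address
MA-L,B827EB,Raspberry Pi Foundation,"(address omitted, constructed row)"
"""

def load_registry(text):
    """Map each 6-hex-digit assignment (OUI) to its organization name."""
    return {row["Assignment"].upper(): row["Organization Name"].strip()
            for row in csv.DictReader(io.StringIO(text))}

def normalize_mac(mac):
    """Accept b8:27:eb:.., B8-27-EB-.. or b827.eb12.3456; return 12 hex digits."""
    digits = re.sub(r"[-:.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify(mac, registry):
    """Return the OUI and registered owner, or explain why no lookup applies."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    if first_octet & 0x01:
        # I/G bit set: group address, not a single interface.
        return {"oui": None, "vendor": None, "note": "group (multicast) address"}
    if first_octet & 0x02:
        # U/L bit set: assigned locally (e.g. randomized), so not in the registry.
        return {"oui": None, "vendor": None, "note": "locally administered"}
    oui = digits[:6]
    return {"oui": "-".join((oui[:2], oui[2:4], oui[4:])),
            "vendor": registry.get(oui),  # None when the prefix is not in the loaded data
            "note": "universally administered"}

if __name__ == "__main__":
    registry = load_registry(SAMPLE_REGISTRY_CSV)
    # Constructed sample addresses in three common notations.
    for mac in ("b8:27:eb:12:34:56", "B827.EB12.3456",
                "da:a1:19:00:00:01", "00-11-22-33-44-55"):
        print(mac, classify(mac, registry))
```

A match names the registered owner of the address block, not necessarily the product's seller, and a MAC address can be changed in software, so treat the result as a lead to confirm by inspection.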

Nomx has issued a reply on their main page [nomx.com] in a post titled 'nomx Passes Security Tests After Blogger Claims to Have Penetrated nomx'. In that reply nomx states the following results:

No nomx user was affected by this threat. No nomx user could be affected by this threat in the future. No nomx data was compromised, and the blogger has (finally) reluctantly verified this. He still has not publicly shared these statements, except via an email response to the BBC when directly asked on April 25 the response was:

From the BBC to nomx: "I understand from your replies that you state categorically that no nomx accounts have been affected by this hack. I have put your questions to [blogger] who has confirmed to me that he cannot say that any have."

While nomx is no longer based on Raspberry devices, we still maintain that the users' data is secured as we've demonstrated to the blogger, the media and our customers.

