Filed under: Software, Security
Rohos Logon Key: Turn any USB device into a login key
We've covered USB key security systems before, but Rohos Logon Key looks like an interesting new player in the field for two reasons: cost and convenience. Like other USB key systems it allows you to control user logins with a USB key, but unlike other systems you don't have to use a dedicated key -- practically any USB flash drive will work. In fact, since it depends only on the USB device's serial number and doesn't store anything on the device, many other things will work as well, like iPods, memory cards, or dedicated USB keys.
As you can see from the video, when you pull the device you can set it to either lock the screen immediately or launch OS X's built-in screensaver with password protection. When you plug it back it, it automatically fills the password for you. It also works at the account login screen. Frankly, I don't really know how secure this solution is, since I don't know how hard it is to spoof a device serial number if you know what you're doing. On the other hand, for basic "step away from your desk for a moment" security it looks like it might be a convenient solution.
Rohos Logon Key is $29 from Tesline-Service and a demo is available for download.
[via MacNN]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
mrsteveman1 said 9:21PM on 8-13-2008
Well, the serial number is probably in the microcontroller in the USB stick, and i don't suppose most of them have easily updatable firmware. There were those U3 things but that was just a virtual CD emulation thing.
If someone wanted to they could falsify the USB traffic i guess, that might be easier than altering an existing USB sticks controller chip.
On the other hand i don't like this idea unless there is a way to get into the system if you lose the key. :D
Reply
haydio said 9:44PM on 8-13-2008
Worst.Video.Ever
Reply
Rick Stratton said 10:20PM on 8-13-2008
This vide reminds me of a Dharma Project video from LOST.
Reply
Sean Ouimet said 2:07AM on 8-14-2008
I had the same thought re: Lost video
trurl said 11:30PM on 8-13-2008
this video will become an internet meme... i'm sure
Reply
Marcos said 1:20AM on 8-14-2008
The SN is easy to spoof with the right equipment.
But you have to *know* what serial number to spoof. That's the tricky part.
Reply
Marty said 3:41AM on 8-14-2008
You only need to know what USB device is used. Then you can look up its ID and spoof it. (e.g. http://www.linux-usb.org/usb.ids)
Reply
Ed said 5:38AM on 8-14-2008
I don't think that the ID is the same as the serial...
Jools said 5:55AM on 8-14-2008
Er, no... The USB Product ID and Serial Number are different.
The Product ID will be the same for all Products of that type. The Serial Number should be unique.
Tyler said 5:53AM on 8-14-2008
Although it may be possible to spoof the USB device's serial number, the OS X user account system isn't very secure anyway — it's easy to reset the root password using just an installer disk.
This seems very cool for basic security, say for fellow classmates, coworkers, etc. People that aren't out to "get you".. But if anyone had physical access to your machine for an extended period no security product would help
Reply
Tony said 6:52AM on 8-14-2008
If someone had that kind of access they could rip the hard drive out and read it directly.
Once physical security is gone then all other security is rendered moot.
It's got about the same security as a house or car key.. if someone gets hold of it for long enough they can duplicate it and render its security useless, but it's fine for most users.
mrsteveman1 said 10:13AM on 8-14-2008
Not really, if your hard drive is encrypted end to end (checkpoint can do it apparently with OS X), physical security becomes less important. And if the firmware is locked they can't really boot an installer anyway, nor can they rip the drive out and access it somewhere else.
Also, there are cases where you give people access to a machine and its USB ports, but they can't actually get to the case. Kiosks are an example.
Tony said 7:53PM on 8-14-2008
Your faith in hard drive encryption is touching. If someone has enouth physical access to the machine to rip the drive out then most hard drive encryption schemes will fail at that point. It's harder to get in, but if there's enough reason to (or enough money involved) then it just slows people down.
Kiosks *are* physically secure, unless you pick it up throw it in the back of a van and drive off with it... at which point they're as vulnerable as anything else.
Andre said 10:10AM on 8-14-2008
If it's using a standard USB key, how does it handle the removal without that nasty device removal popup?
Reply
Tony said 7:47PM on 8-14-2008
It doesn't as far as I can tell.. however you don't have to use a formatted key - you can use an unformatted one, or an iphone, ipod, etc. - pretty much anything with a serial number.
j2 said 11:29AM on 8-14-2008
Not exactly the same, but $30 less expensive is marco polo.
I've got it set up so that everytime I put my (i)phone in the cradle it turns off the screensaver password and disables the screensaver. It also reverses these actions upon removal.
I used to use the bluetooth proximity detector with added Adium and Mail applescript goodness for sexy time also.
I've never tried marcopolo outside the context of already-logged-in, but this is good enough for me.
Reply
Adam said 3:30PM on 9-02-2008
hey can you help me with marcopolo?
I was trying to set up stuff similar to what rohos is supposed to do, but i can not figure out anything!
can i email you or something?