iKey 1000 Allows Administrative and Data Access

iKey 1000 Allows Administrative and Data Access
Reported July 20, 2000 by @Stake

Rainbow Technologies iKey 1000


By physically accessing the iKey 1000 hardware device, its tamper-proof mechanisms can be bypassed thereby providing access to the Master Key (MKEY), normally used for administrator level access. With a standard device programmer the MKEY can be reset to a known value where the iKey could then be used to gain unauthorized access to data.


Rainbow Technologies responded promptly with a press release where the companies cheif technology officer stated, "Rainbow has made a corporate commitment to achieve FIPS 140-1 physical security validation on certain models of iKey this year and are committed to the Common Criteria security evaluation process." Rainbow also offers the iKey 2000, a physically secure token for B2B, enterprise security and other sophisticated PKI applications.

Users are urged to protect against unauthorized physical access to their hardware-based security devices in an effort to prevent such tampering.  

Discovered by @Stake

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.