OnlyKey Bug Bounty Program

Policy

No technology is perfect, and CryptoTrust believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.


Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder. 


Exclusions

While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of CryptoTrust staff or contractors
  • Any physical attempts against CryptoTrust property


Bounty Policy

For claiming a bounty see the list of accepted threat models in our scope section.


Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep CryptoTrust and our users safe!

 

Scope

We are currently paying bounties of $1000 USD for OnlyKey hardware vulnerabilities that include all of the following:
- Proof of concept exploit code
- Procedures to reproduce providing enough information to reproduce the exploit so that we can verify the authenticity of the reported vulnerability
- Fit one of the following threat models and eligibility criteria:

1) Lost/stolen OnlyKey threat model


Background

OnlyKey utilized hardware security features to ensure firmware and sensitive data is protected. OnlyKey utilizes encryption of locally stored sensitive data. OnlyKey requires a PIN code to be entered to unlock device and decrypt locally stored sensitive data.


Eligibility Criteria

For this threat model physical access is obtained by an adversary to a user's OnlyKey and the adversary does not know the user's PIN. Use hardware hacking methods to do one of the following:
a) Bypass the PIN entry to gain unauthorized access to users accounts stored on the OnlyKey
b) Extract data from the OnlyKey's locked flash and use this to crack a user's PIN code and gain unauthorized access to users accounts stored on the OnlyKey
c) Extract private key from the OnlyKey's locked flash.


Example submission

For example, the private keys of Nitrokey start were found to be easily extracted from the hardware as described here - https://old.reddit.com/r/crypto/comments/bis3pf/extract_pgp_secret_keys_from_gnuk_nitrokey_start/
In this example, the user built a tool that that extracts firmware

2) Unlocked OnlyKey connected to computer with malware threat model

Background

OnlyKey once unlocked by an authorized user is connected to a computer via USB. While malware can typically extract all information from local programs and software on a user's computer it cannot extract information from a USB connected security key.


Eligibility Criteria

For this threat model logical access is obtained by an adversary to a user's computer (i.e. Meterpreter C2). The OnlyKey is unlocked and also connected to the user's computer. Use software hacking methods to do one of the following without requiring user presence:

a) Extract sensitive authentication data from OnlyKey without user presence (i.e. User has to press a button to enter a password, have the malware communicate via USB and extract that password from the OnlyKey without user button press).
b) Trick the OnlyKey into sending sensitive authentication data without user presence (i.e. User has to press a button to do FIDO2 authentication, have the malware communicate via USB trick the device into thinking a button has been pressed).
c) Extract data from the OnlyKey's locked flash via USB and use this to crack a user's PIN code.
d) Extract private key from the OnlyKey's locked flash via USB.

Example submission

For example, the private keys of Nitrokey start were found to be easily extracted from the hardware as described here - https://old.reddit.com/r/crypto/comments/bis3pf/extract_pgp_secret_keys_from_gnuk_nitrokey_start/
In this example, the user built a tool that that extracts firmware

3) OnlyKey RNG attack threat model


Background

OnlyKey utilizes entropy from multiple sources and stirs this into an entropy pool that is used for generation of cryptographically secure private keys. These keys include private key for deriving SSH keys, private key for OnlyKey data-at-rest encryption, and a key encryption key (kek). More detail on keys can be found here - https://docs.crp.to/security.html.

 

Eligibility Criteria

For this threat model physical or logical access to the OnlyKey may be obtained by an adversary. It may be that no access is required to the device but only to the public keys, for example the SSH public keys that OnlyKey generates with onlykey-agent. Use software or hardware hacking methods to do one of the following:

a) Attack the RNG in a way that permits obtaining the private key given only access to the public key (asymmetric keys).
b) Identify a flaw in the RNG that permits obtaining the private key given only access to the public key (asymmetric keys).
c) Attack the RNG in a way that permits predicting the generated private key value.
d) Identify a flaw in the RNG that permits predicting the generated private key value.


Example submission

For example, the private keys of Yubikey and many smart cards were found to be weak and easily crackable given only access to the public key as described here -
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

 

Submit Report

You're about to submit a report to CryptoTrust. Provide as much information as possible about the potential issue you have discovered. The more information you provide, the quicker CryptoTrust will be able to validate the issue. If you haven't yet, please remember to review our security documentation. To submit report complete the report template shown below and email to vulnerabilities@crp.to.

Summary:

[add summary of the vulnerability]

Steps To Reproduce:

[add details for how we can reproduce the issue]

  1. [add step]
  2. [add step]
  3. [add step]

Select Threat Model [x]:

  • Lost/stolen OnlyKey threat model
    • Bypass the PIN entry to gain unauthorized access to users accounts stored on the OnlyKey
    • Extract data from the OnlyKey's locked flash and use this to crack a user's PIN code and gain unauthorized access to users accounts stored on the OnlyKey
    • Extract private key from the OnlyKey's locked flash
  • Unlocked OnlyKey connected to computer with malware threat model
    • Extract sensitive authentication data from OnlyKey without user presence (i.e. User has to press a button to enter a password, have the malware communicate via USB and extract that password from the OnlyKey without user button press)
    • Trick the OnlyKey into sending sensitive authentication data without user presence (i.e. User has to press a button to do FIDO2 authentication, have the malware communicate via USB trick the device into thinking a button has been pressed)
    • Extract data from the OnlyKey's locked flash via USB and use this to crack a user's PIN code.
    • Extract private key from the OnlyKey's locked flash via USB
  • OnlyKey RNG attack threat model
    • Extract sensitive authentication data from OnlyKey without user presence (i.e. User has to press a button to enter a password, have the malware communicate via USB and extract that password from the OnlyKey without user button press)
    • Trick the OnlyKey into sending sensitive authentication data without user presence (i.e. User has to press a button to do FIDO2 authentication, have the malware communicate via USB trick the device into thinking a button has been pressed)
    • Extract data from the OnlyKey's locked flash via USB and use this to crack a user's PIN code
    • Extract private key from the OnlyKey's locked flash via USB

PoC Exploit:

Supporting Material/References:

  • [attachment / reference]