Proofs of Security

TROOPERS is the top-6 world IT security conference. During the conference (12.03.2020 - 16.03.2020), Hacken held multiple challenges for white hat hackers. At our hardware security village, we deep penetrating the testing of samples Hideez provided us. Our lab was well equipped with: 1) Oscilloscope used to study analog/digital signals; 2) Multimeter (for basic study of circuit design and circuit studies); 3) Soldering Station

There were best-embedded security and application security experts from Europe and other countries among our audience. Those experts had an interest in the challenge, tried to breake mechanisms of software protection, bypass security of keys, and most of them estimated samples as well secure.

Cyberlands B.V. API Penetration Testing company conducted security assessment of Hideez Enterprisein March 2021 (Windows environment).

Particularly we checked whether Hideez Enterprise Solution:

• allows to use Hideez Key without the user being present in front of PC with Bluetooth adapter - not allowed;

• allows to extract secrets from Hideez Key using low-level operations system calls -not allowed;

• allows to steal user credentials by a regular keylogger cybercrime tool - not allowed;

• allows to steal user credentials by targeted sealer cybercrime tool - not allowed;

• protects itself from a reverse engineering attack - not allowed.

Overall Hideez paid notable attention to the security of key storage and is well-defended from regular cybercrime tooling. We suggested improving self-protection mechanisms (anti-unpacking, obfuscation, and several others) and met Hideez’s attention and full understanding of how important cybersecurity is for the product. We can recommend Hideez Enterprise Solution for companies with strong authentication requirements.