Hi,
I can´t found a contact with developers of onlykey product, but the key was hacked and unlocked pin security (i dont if developers know it), for security not write where and how here, pleas contact me for more information
Uh a security researcher who can’t find Tim’s email address little hint: only one letter @ domain. (crp.to)
Not me, i found how are hacking this key with software, somebody can access without PIN (free software in internet )
Sure you can contact me directly or per security documentation if you think you have identified a vulnerability contact vulnerabilities@crp.to
Thanks, …done!
@Jota I have reviewed the video you sent via email. For transparency here it is - https://www.youtube.com/watch?v=GdURicqQmmc
While I can see how this video may appear to unlock the OnlyKey it actually is just sending the unlocked message that the OnlyKey sends to the app so the app goes to the unlocked screen. As you can see in the video the OnlyKey labels are still blank, this would be the same as if you just plugged in a blank OnlyKey, no data from the locked OnlyKey is accessible as it is still locked. You will notice if you tried this your OnlyKey would remain locked so no this is not a vulnerability in OnlyKey but thanks for reporting it anyway.
I understand, thanks for review