Nothing is safe if left unattended. It’s trivial to make a ‘proxy’ RF device that sends your PIN to the attacker and receives whatever data you would expect from your original hardware token.
at the end of the day no encryption is perfect... security is all about making it harder for an attacker.
A physical device certainly raises the bar..
that said the RF proxy attack is interesting, I'm sure it's non-trivial to do, as the device has to look legitimate. Nonetheless I better wrap my laptop in tinfoil from now on :)
A physical device certainly raises the bar..
that said the RF proxy attack is interesting, I'm sure it's non-trivial to do, as the device has to look legitimate. Nonetheless I better wrap my laptop in tinfoil from now on :)