Today’s technology advancement not only brought us many innovative and advanced protection options on Software License Protection Dongles but also threaten us with many possible new attacks to make such protection no longer meaningful. Before selecting the right product, one must understand what could be the possible threats and make sure the selected product can accomplish their end objectives. Below are some of the common attacks for your references:-
Hardware Dongle or Key must require driver as the communication interface between the device and the protected application. A common man-in-the-middle attack or emulation attack where the hacker is trying to emulate the communication and trying to replace the original driver with a faked driver, or we call it driver replacement with the intention to make the application believe it has past the security checks even without the valid Dongle. A good Software License Protection Dongle must be able to combat this attack with strong encryption and authentication to detect the action, in case the driver has been replaced.
Brute Force Attacks
One of the very common hacking method is using Password Guessing attack or we call it Brute Force Attacks. There are many tools available in the internet that allows one to run systematically trying on every possible passwords with the attempt to discover the actual passwords, and thus gain the access into the dongle or protection configuration. So, choosing strong passwords together with predefined security feature to lock the Dongle after certain number of wrong passwords attempts can prevent such attacks.
In this attack, a hacker will try to “Photostat” the communication flow between the application and the Dongle so as to replay or simulate the same communications to gain access to the application or even to bypass such security checks. In order to prevent such attacks, a good protection method must include random communications or noises to make hackers confuse which are the “real” communications.
Reverse Engineering Attacks
Such attacks are possible not only on Software level but also on the Hardware device itself. Reverse engineering on software is where the hacker is trying to decompile the protected application into “raw” form, such as into assembly language and thus trying to trace the security check point and bypassing it. For hardware reverse engineering, special electronic equipment will be required where the hacker is trying to duplicate the same hardware device. In order to prevent such attacks on software is to optimize the protection with more comprehensive security checks, not just simple comparison but with authentication methodology. Dongle products that come with more advanced security features such as onboard encryption, onboard algorithms, digital signature, etc will provide better foundation to combat such attacks. The best way to prevent reverse engineering attacks on hardware will be choosing the dongle product of which its hardware architecture is built with the concept of not able to be duplicated, such as microprocessor smart chip based dongle.