Security analyst, Behrang Fouladi from SensePost, an organization specializing in information security, demonstrates how easy it is to clone RSA SecureID software tokens and provides a step-by-step explanation of his analysis. In his explanation Fouladi shows how a potential attacker could easily calculate the target token’s device serial number and bypasses the device-binding protection, and how to obtain the RSA seed value. Finally, he suggests the use of the Trusted Platform Module (TPM) on devices that support this technology as a counter measure against these issues!
Read Behrang Fouladi’s full explanation here – http://www.sensepost.com/blog/7045.html