The security analyst is having fun extracting removable storage devices that guarantee flawless data privacy. Unfortunately the truth is completely different.
USB keys and disks are very practical because they allow you to easily carry data with you. On the other side of the coin you can easily lose them. To guarantee the confidentiality of stored data, some suppliers have developed “secure” USB keys and disks, often incorporating strong hardware encryption, such as 256-bit AES. As Matthias Deek, a researcher at SySS, points out, this protection can sometimes be easily overlooked.
For several months, this specialist has been disassembling this type of device, and for three of them, he has revealed serious vulnerabilities. First product involved: The “Word Keyboard Safe”USB key with a keyboard to enter the encryption password. “If it falls into the wrong hands, the device will lock up and require a redesign after 20 failed password attempts.”, Underscores the manufacturer in a description. Unfortunately, this is not the case. Very quickly, the researcher was able to see that this automatic locking was not implemented.
A few seconds is enough
Another problem: opening this key is very easy. Remove some screws to access the SSD storage components. It is M.2 format and very easy to disassemble. For a hacker, this is best because he can insert storage components into another adapter and carry out rogue attacks. However, this type of process can be lengthy. By analyzing the firmware of the key, Matthias Deek was able to accurately identify how the password was verified, and then wrote a program to find it in a few seconds.
The second scanned device is a USB disk “Words Executive Fingerprint Protection”. Here, it is recognized by the fingerprint reader. The registration and management of these fingerprints is done by specialized software which the user has to install on his computer. By analyzing the functionality of this software, the researcher noticed that the USB disk automatically sends the administrator password to the computer, which, among other things, allows access to all stored data. Again, the researcher has created a small project that will instantly intercept this secret code and can be found in this video.
The third device “LeBron EP-KP001”, USB key with a keyboard for entering passwords. At this point, to access the stored data, you need to be an artisan. Contrary to the manufacturer’s claim, the data is not encrypted in AES 256 bits. Data access is locked by a special microcontroller. To hack the key, just unzip this chip and replace it with another microcontroller of the same type as the password.
According to SySS, the other two secure storage devices from Verbatim are vulnerable, namely “Store ‘n’ Go Secure Portable HDD” and “Fingerprint Secure Portable Hard Drive”. All of these deficiencies have been reported to vendors. But, to date it has not been corrected. So buying these models is strongly encouraged, especially if you are handling sensitive data.