.

CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

<<

keyster

Newbie
Newbie

Posts: 3

Joined: Sun Sep 13, 2009 12:52 am

Post Tue Jan 05, 2010 10:44 pm

CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Security experts reveal, SanDisk, Kingston and Verbatim FIPS certified, hardware encrypted USB flash drives have a shared backdoor password.  You would think that they know better but that is what happens when a consumer memory companies bolt on a little security.

"SySS security experts found a rather blatant flaw that has quite obviously slipped through testers' nets. During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations"

http://www.h-online.com/security/news/i ... 95308.html
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Jan 06, 2010 9:01 am

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

For EH-Netters concerned their new toy is broken, IronKey are claiming to not be vulnerable. Full write-up of the weakness and attack vector available from them here
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Jan 06, 2010 11:53 am

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Thanks for the link. Wow that is a really terrible architectural decision. I have a Kingston BlackBox running around here somewhere, I'll have to give it a poke.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Jan 06, 2010 12:10 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

So I called Kingston tech support, as recommended on their page about the vulnerability (http://www.kingston.com/driveupdate/) to see about the update. It's going to be a software patch, and won't be available for a couple weeks yet. He said that they do have one that they're testing now, but don't want to release it without testing it thoroughly.

From reading over the vulnerability, I'm not confident that a software patch will really fix things. I imagine that with all the attention that this has gotten, there will be some enterprising folks beating on the patched version as soon as it comes out.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jan 06, 2010 2:06 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

I agree with Jason, I think that this may be an architectural problem.  I am not sure how this method qualifies as hardware encryption, if the same "message" is always sent to to the hardware device.  I feel like I am missing something here.
~~~~~~~~~~~~~~
Ketchup
<<

keyster

Newbie
Newbie

Posts: 3

Joined: Sun Sep 13, 2009 12:52 am

Post Fri Jan 08, 2010 1:56 am

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Sandisk and Kingston provide hardware encryption but only the encryption algorithms are processed in hardware.

This is very different than hardware secured.

Hardware secured products should generate encryption keys in hardware using validated true random number generators.    The password key and counter should also protected by the hardware to prevent brute force password-guessing, patching and replay attacks.  In fact, the drive should not even mount until the password is verified in hardware. 

Verifying passwords in memory was the source of this vulnerability.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Jan 08, 2010 2:11 am

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Would the software patch solve the problem of verifying passwords in memory? I could imagine, that it is hard to fix, as the hardware is already there and probably the fault is in the design, so hardly a possibility to change anything to really get it secure. Quite sure that the patch, as soon as it is available, will be reversed in order to see how to attack it again.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Fri Jan 08, 2010 1:07 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

My thoughts exactly. They can beef up the mechanism that sends the unlock key to the hardware to make it harder to crack, but it seems like changing to a different method entirely would not be feasible.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Jan 21, 2010 3:13 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

So I got an email from Kingston this morning. Apparently, they must have come to the same conclusion that we did about the software update. According to the email "Kingston has decided that the best way to address this problem is to offer our customers replacement units that incorporate newer and stronger security architecture". It looks like the replacement from them will be this:

http://www.kingston.com/flash/dt5000.asp
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Jan 21, 2010 3:35 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Nice move, though a simple patch wouldn't have solved the problem anyway and again such news may have appeared soon. Let's see, if they did it better this time.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jan 21, 2010 4:27 pm

Re: CRACKED: SanDisk and Kingston encrypted flash drives share backdoor

Wow, I am surprised, honestly.  It's a pleasant surprise. 
~~~~~~~~~~~~~~
Ketchup

Return to Hardware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software