On Tuesday an article appeared on The H website titled “NIST-certified USB Flash drives with hardware encryption cracked”, describing how the security firm SySS was able to crack the encryption of NIST-certified USB flash drives.
Apparently SySS figured out that the same character string is always sent to the USB drive after various crypto operations have been performed. As The H describes it:
“During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations”
Armed with this information, SySS could simply send the appropriate string to the USB device, whether the password entered was correct or not:
“The SySS experts wrote a small tool for the active password entry program’s RAM which always made sure that the appropriate string was sent to the drive, irrespective of the password entered and as a result gained immediate access to all the data on the drive.”
This really isn’t cracking the encryption; it’s more like hijacking the unlock mechanism. Even so, it’s pretty scary to think that something so obvious was able to make it past the vendors. You would think someone would have caught this flaw. How embarrassing for Kingston, SanDisk, and Verbatim.
As for the NIST certification, that really only focuses on how the data is encrypted, meaning the whole premise of this article is really misleading…
I looked for any evidence that IronKey suffers from the same vulnerability but couldn’t find any reference. There is, however, an interesting article on IronKey’s website that talks about the different approaches to USB Flash Drive Security…
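To make the difference between the encryption and the unlock mechanism concrete, here is a small Python model, added as an illustration and not taken from SySS, The H, or any vendor. It compares a drive that accepts a fixed string once the host program has checked the password with a drive that verifies a response bound to the password and a fresh nonce. The class names, the placeholder token, the low PBKDF2 iteration count and the challenge-response scheme itself are all assumptions made for the demo.

```python
import hashlib, hmac, os

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)  # low count, demo only

class ConstantTokenDrive:
    """Host program checks the password; the drive only ever sees a fixed string."""
    TOKEN = b"CONSTANT-UNLOCK-STRING"  # constructed placeholder, not a real device value

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.verifier = kdf(password, self.salt)  # readable by the host program

    def host_unlock_message(self, password):
        ok = hmac.compare_digest(kdf(password, self.salt), self.verifier)
        return self.TOKEN if ok else b""

    def receive(self, message):
        return message == self.TOKEN  # nothing here depends on the password

class ChallengeResponseDrive:
    """Drive checks a response bound to the password and to a fresh nonce."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        self._key = kdf(password, self.salt)  # never leaves the device
        self._nonce = None

    def host_unlock_message(self, password):
        self._nonce = os.urandom(16)  # drive issues a one-time challenge
        return hmac.new(kdf(password, self.salt), self._nonce, "sha256").digest()

    def receive(self, message):
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, "sha256").digest()
        self._nonce = None  # challenge is single use
        return hmac.compare_digest(message, expected)

def recorded_unlock_replays(drive_cls):
    """Design check: does a message recorded from one drive open a second drive set up with a different password?"""
    first = drive_cls(b"password-A")
    recorded = first.host_unlock_message(b"password-A")
    assert first.receive(recorded)         # legitimate unlock works
    second = drive_cls(b"password-B")
    second.host_unlock_message(b"not-it")  # wrong password entered on the host
    return second.receive(recorded)
```

For the constant-token model the check returns True however strong the cipher protecting the data is, which is why a certification that only covers how the data is encrypted says nothing about this flaw; for the challenge-response model it returns False.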




January 6th, 2010 at 2:23 pm
Chris,
IronKey security analysts have reviewed the vulnerability, which affects millions of enterprise and government users of SanDisk, Kingston and Verbatim hardware encrypted portable storage devices.
We have determined that IronKey devices are NOT affected by this vulnerability. IronKey customers are safe.
We have posted a questions and answers bulletin to the IronKey.com website, with a description of the serious vulnerability published by SySS, and how IronKey devices defend against such an attack.
The detailed description is here: https://www.ironkey.com/usb-flash-drive-flaw-exposed
Readers of your blog are welcome to contact me with any questions or comments.
Best regards,
Dave Jevans
IronKey
January 6th, 2010 at 2:44 pm
Very nice. Thanks for the update Dave.