A number of USB Flash Drive (USB Key) vendors sell drives which encrypt your information so that if the drive falls into the wrong hands, the information on them cannot be read. Some drives use software encryption (where the data is encrypted on the PC before being written to the drive), while others implement hardware encryption where the data is sent to the drive to be encrypted. Hardware encryption is considered to be more secure because the encryption key never leaves the drive. The figure shows a secure drive which has a crypto processor and a secure storage area which holds information which only the processor can access.
No matter the encryption method, when the drive is inserted into a PC, an application asks the user to enter their password to unlock the drive. Some drives, such as the SanDisk U3 series, have an embedded CDROM image which is mounted when the drive is inserted and the unlock program is run automatically by Microsoft Windows. Other drives use software which must be pre-installed or is present on an unlocked portion of the drive so that it can be run manually.
On January 4, 2010, it was widely reported that certain hardware-encrypted USB flash drives had been hacked. This is not exactly true since it was really the unlocking software which was hacked. Simply put, these drives had unlocking software which would accept your password, validate it within the PC, then send an unlock signal to the drive. The problem is that the unlock signal had nothing to do with the password. Let me explain.
As Easy As Opening an Electric Garage Door
Think of a residential electric garage door opener. You have a button inside your house to open it which looks something like a doorbell. In fact, it works the same way – when you press the button, it completes a circuit which opens the door. Now put a numeric keypad on the outside of the house so that you can open the door when you come back from a walk. You enter a code and if the code is correct, the door opens. Just like the switch inside, the keypad completes a circuit. If you pry the keypad off of the wall, you will see the wires that complete the circuit when the correct code is entered. To open the door you just need to connect the wires. So much for selecting a good code!
In essence, this is what the experts at security firm SySS did to unlock the The Kingston DataTraveler BlackBox, SanDisk Cruzer Enterprise FIPS Edition and Verbatim Corporate Secure FIPS Edition drives. All of these drives support AES 256-bit hardware encryption. Since the AES 256-bit hardware encryption is pretty much uncrackable, they decided to crack the password entry mechanism.
When analyzing the Windows drive unlock program, the SySS security experts found a rather blatant flaw that slipped through testers’ nets. During a successful authorization procedure the program always sends the same character string to the drive after entry of a valid password. Going back to the garage door analogy, the Windows program ‘connects the wires’ to unlock the drive. The SySS experts wrote a small program which would ensure that the appropriate string was sent to the drive, irrespective of the password entered. As a result, they gained immediate access to the data on the drive.
The Vendors Respond
When notified by SySS about this worst case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued fuzzy security bulletins about a ‘potential vulnerability in the access control application’ and provided a software update. When asked about the risk to European companies by heise Security, Verbatim Europe said that none of the affected drives have been sold in Europe – and that none will be shipped before the hole has been closed.
On the other hand, IronKey responded that their security analysts have analyzed the vulnerabilities that have been reported and that their products do not suffer from this vulnerability. This is because IronKey devices verify the correctness of a user’s password in hardware on the device. The security of IronKey devices does not depend on software on the host PC, which as this attack illustrates, easily can be tampered with.
FIPS 140-2
Journalists are asking how USB Flash drives that exhibit such a serious security hole were given FIPS 140-2 certification. A standard which was authored by the National Institute of Standards and Technology (NIST) and accepted by the Communications Security Establishment (CSE) of the Government of Canada.
Even though cryptographic products which have not received this certification are ineligible for government use in the USA and Canada, it is a minimum standard, and does not guarantee that a product is secure. Neither is it a substitute for having deep technical expertise in the design, implementation, and use of a security product.
What Did We Learn From This?
In summary, a secure flash drive implementation was felled by an insecure unlocking mechanism. SySS asked the questions that others somehow missed. Security is not a point solution nor can it be implemented in a vacuum. Your company’s security must be dealt with holistically and if you don’t have experts on your staff, then find the experts you need before you need them. Don’t be afraid to ask embarrassing questions of your vendors and write damages recovery into your contract. The data you save may be your own.
Comments? I’d love to hear them.
Ron LaPedis, MBCP, MBCI, CISSP-ISSAP, ISSMP
Founder and Principal
Seacliff Partners International, LLC
